SAP NetWeaver Application Server ABAP and ABAP Platform Signed XML Modification Vulnerability

A vulnerability exists in SAP NetWeaver Application Server ABAP and ABAP Platform, allowing an authenticated attacker with normal privileges to modify signed XML documents. The attacker can obtain a valid signed message, alter the identity information, and send it to the verifier. This manipulation may lead to unauthorized access to sensitive user data and disrupt normal system operations, significantly impacting the application's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive user data, acceptance of tampered identity information, and disruption of normal system usage.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying necessary patches. SAP Security Notes can be accessed through the SAP for Me platform, specifically on SAP Security Patch Days, which occur on the second Tuesday of each month. For details on the 2026 SAP Security Patch Day schedule, refer to the SAP Security Patch Day Bulletin Archive.