SAP Gateway Error Message Injection Vulnerability Allowing Disclosure of Request Artefacts

Vulnerability

A vulnerability in SAP Gateway allows content to be injected into error messages. This could lead to the unintentional disclosure of request artefacts, such as regular expression patterns, and expose the underlying URI parsing logic. The vulnerability has a low impact on confidentiality and does not affect integrity or availability.

Impact

Exploitation of this vulnerability could result in the injection of content into error messages, potentially disclosing sensitive request artefacts and URI parsing details.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform.

Added: May 26, 2026, 10:37 PM
Updated: May 26, 2026, 10:37 PM

Vulnerability Rating

Custom Algorithm
spread: 6.2
impact: 0.6
exploitability: 6.6
remediation: 5.6
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.