Description

Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger unintended behavior during internal logic execution, potentially causing a denial of service. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.

INFO

Published Date :

2026-02-10T03:02:27.146Z

Last Modified :

2026-02-10T17:19:28.762Z

Source :

sap
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23685 vulnerability.

Vendors Products
Sap Se
  • Sap Netweaver (jms Service)
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23685.

URL Resource
https://me.sap.com/notes/3687285 cve-icon cve-icon
https://url.sap/sapsecuritypatchday cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact