CVE-2023-26459: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

CVE-2023-26459 affects SAP NetWeaver AS for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, and 791. The vulnerability was discovered and disclosed in March 2023, involving improper input controls that could allow authenticated non-administrative users to perform unauthorized actions (NVD).

The vulnerability is classified as a Server-Side Request Forgery (SSRF) issue with a CVSS v3.1 Base Score of 7.4 (HIGH). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). The scope is changed (S:C) with low impacts on confidentiality, integrity, and availability (C:L/I:L/A:L) (NVD).

When exploited, this vulnerability allows an authenticated non-administrative user to craft requests that trigger the application server to send requests to arbitrary URLs. This can lead to unauthorized access, modification, or unavailability of non-sensitive information, resulting in low impacts on confidentiality, integrity, and availability (NVD).

SAP has released security patches to address this vulnerability. Users are advised to apply the relevant security updates as detailed in SAP Security Note 3296346 (SAP Note).