Detections
Analytics
SAP NetWeaver AS ABAP XML Signature Wrapping in SAML Authentication (3746332)
critical Nessus Plugin ID 320858
Synopsis
The remote SAP NetWeaver ABAP server is affected by an XML signature wrapping vulnerability.Description
The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by an XML signature wrapping vulnerability in SAML authentication as referenced in SAP Security Note 3746332:- SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to sensitive user data and potential disruption of normal system usage. This causes a high impact on confidentiality, integrity and availability of the application. (CVE-2026-44748)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Apply the appropriate patch according to the vendor advisory.See Also
Plugin Details
Severity: Critical
ID: 320858
File Name: sap_netweaver_as_abap_3746332.nasl
Version: 1.1
Type: Remote
Family: Web Servers
Published: 6/12/2026
Updated: 6/12/2026
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v2
Risk Factor: High
Base Score: 9
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2026-44748
CVSS v3
Risk Factor: Critical
Base Score: 9.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:sap:netweaver_application_server
Required KB Items: installed_sw/SAP Netweaver Application Server (AS), Settings/ParanoidReport
Exploit Ease: No known exploits are available
Patch Publication Date: 6/9/2026
Vulnerability Publication Date: 6/9/2026
Reference Information
CVE: CVE-2026-44748
IAVA: 2026-A-0556