medium2026-07-14SAP NetWeaverCVE-2026-44760
Cross-Site Scripting in SAP NetWeaver AS ABAP Business Server Pages
SAP NetWeaver AS ABAP (Business Server Pages)
Our Take
BSP is used in legacy web applications across many SAP modules. Standard planned window — bundle with other BASIS-level patches.
Vulnerability Detail
Cross-site scripting vulnerability in the Business Server Pages (BSP) component of SAP NetWeaver AS ABAP. An attacker can craft a URL targeting a BSP application that, when visited by an authenticated user, executes scripts in the victim's browser context.
Patch Action
Apply SAP Note 3754659. Verify affected versions in the official SAP Note.
Patch Info