
CVE-2026-24323: CWE-601: URL Redirection to Untrusted Site in SAP_SE SAP Document Management System

Severity: Medium
Type: Vulnerability | Tags: CVE-2026-24323, CWE-601
Published: Tue Feb 10 2026 (02/10/2026, 03:04:11 UTC)
Source: CVE Database V5
Vendor/Project: SAP_SE
Product: SAP Document Management System

Description

CVE-2026-24323 is a medium severity vulnerability in the SAP Document Management System that allows unauthenticated attackers to perform URL redirection to untrusted sites via insufficiently sanitized URL parameters. This vulnerability enables injection of malicious scripts that execute in victims' browsers when they access crafted URLs, impacting confidentiality and integrity with no effect on availability. Exploitation requires user interaction but no authentication, and the vulnerability affects multiple SAP_APPL and S4CORE versions widely used in enterprise environments. There are no known exploits in the wild yet, and no patches have been published at the time of disclosure. European organizations using affected SAP versions are at risk of targeted phishing or social engineering attacks leveraging this flaw. Mitigation involves careful input validation, user awareness, and monitoring for suspicious URL usage. Countries with significant SAP enterprise deployments and critical infrastructure relying on SAP systems are most likely to be impacted.

AI-Powered Analysis

AI analysis last updated: 02/17/2026, 09:41:31 UTC

Technical Analysis

CVE-2026-24323 is a vulnerability classified under CWE-601 (URL Redirection to Untrusted Site) affecting the SAP Document Management System, specifically its BSP (Business Server Pages) applications. The issue arises because user-controlled URL parameters are not properly sanitized, allowing an unauthenticated attacker to craft URLs that inject malicious script content. When a victim clicks or accesses such a crafted URL, the injected script executes in their browser context, potentially leading to unauthorized actions or data exposure. The vulnerability impacts confidentiality and integrity at a low level but does not affect system availability. The CVSS 3.1 base score is 6.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction needed, and a scope change due to the cross-origin impact. Affected SAP versions include multiple releases of SAP_APPL (618) and S4CORE (102 through 109), as well as EA-APPL versions 600 through 617, indicating a broad footprint across SAP enterprise customers. No patches or known exploits are currently available, but the vulnerability presents a risk for phishing and social engineering campaigns that could leverage the URL redirection to trick users into executing malicious scripts. The vulnerability's exploitation could lead to session hijacking, credential theft, or unauthorized actions performed in the context of the victim's browser session with the SAP system.

Potential Impact

For European organizations, this vulnerability poses a risk primarily through social engineering and phishing attacks that exploit the URL redirection flaw to execute malicious scripts in users' browsers. This can lead to unauthorized disclosure of sensitive information (confidentiality impact) and unauthorized modification or manipulation of data (integrity impact) within SAP Document Management System sessions. Although availability is not affected, the breach of confidentiality and integrity can have serious consequences, especially for organizations handling critical business processes, intellectual property, or regulated data. Given SAP's widespread use in European enterprises across sectors such as manufacturing, finance, and public administration, exploitation could facilitate lateral movement or further compromise within corporate networks. The lack of authentication requirement lowers the barrier for attackers, increasing the likelihood of targeted attacks against European companies. The vulnerability could also undermine trust in SAP systems and lead to compliance issues under GDPR if personal data is exposed.

Mitigation Recommendations

1. Implement strict input validation and sanitization on all URL parameters within the SAP Document Management System, particularly in BSP applications, to prevent injection of malicious scripts.
2. Deploy web application firewalls (WAFs) with custom rules to detect and block suspicious URL redirection attempts targeting SAP systems.
3. Educate users and administrators about phishing risks and encourage caution when clicking on URLs, especially those received via email or external sources.
4. Monitor SAP system logs and network traffic for unusual URL patterns or redirection activities that could indicate exploitation attempts.
5. Coordinate with SAP support to obtain and apply official patches or security updates as soon as they become available.
6. Use Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within SAP web applications.
7. Limit exposure of SAP Document Management System interfaces to trusted networks or VPNs to reduce attack surface.
8. Conduct regular security assessments and penetration testing focused on URL handling and input validation in SAP environments.
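Recommendations 1 and 4 are stated generically. As an added illustration (not SAP code and not from this advisory), the Python below shows what "strict validation of a redirect parameter" looks like in practice for CWE-601: an allowlist-based check that rejects the classic open-redirect shapes (protocol-relative `//host`, backslash variants, `javascript:` and other non-HTTP schemes, `user@host` confusion, lookalike subdomains), plus a small log-triage routine that flags requests whose redirect parameter fails that check. The parameter name `redirect_url`, the host allowlist and the access-log lines are constructed for the example; the real parameter names and paths in the affected BSP applications are not given on this page.

```python
"""Redirect-target validation and log triage for CWE-601 (open redirect).

Added example, not SAP's code. The parameter name, allowlist and log lines
below are constructed assumptions for illustration.
"""
import re
from urllib.parse import parse_qs, urlsplit

ALLOWED_HOSTS = {"dms.example.corp"}      # constructed: the site's own host(s)
SAFE_SCHEMES = {"http", "https"}
REDIRECT_PARAM = "redirect_url"           # hypothetical parameter name


def is_safe_redirect(target: str, allowed_hosts=frozenset(ALLOWED_HOSTS)) -> bool:
    """Accept only a site-relative path ("/x") or an absolute http(s) URL on an allowed host."""
    if not target:
        return False
    t = target.strip()
    # Embedded control characters / whitespace are used to smuggle schemes past naive checks.
    if any(ord(c) < 0x20 or c in " \t\r\n" for c in t):
        return False
    # Browsers treat "\" like "/" in the authority part, so normalise before parsing.
    t = t.replace("\\", "/")
    try:
        parts = urlsplit(t)
    except ValueError:          # e.g. malformed IPv6 literal
        return False
    if parts.scheme:
        if parts.scheme.lower() not in SAFE_SCHEMES:
            return False        # javascript:, data:, vbscript:, ...
        if parts.username or parts.password:
            return False        # https://trusted@evil.example
        if parts.hostname is None or parts.hostname.lower() not in allowed_hosts:
            return False        # exact host match defeats trusted.example.evil.example
        return True
    # No scheme: must be path-absolute and not protocol-relative ("//evil.example").
    if parts.netloc or t.startswith("//") or not t.startswith("/"):
        return False
    return True


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """Return the requested target if it passes validation, else a fixed fallback."""
    return target if is_safe_redirect(target) else fallback


# Constructed access-log lines in common log format (not real SAP logs).
ACCESS_LOG = """\
10.0.0.5 - - [10/Feb/2026:09:12:01 +0000] "GET /dms/login?redirect_url=/dms/start HTTP/1.1" 302 0
10.0.0.7 - - [10/Feb/2026:09:12:09 +0000] "GET /dms/login?redirect_url=//attacker.example/phish HTTP/1.1" 302 0
10.0.0.8 - - [10/Feb/2026:09:12:40 +0000] "GET /dms/login?redirect_url=https://dms.example.corp/docs HTTP/1.1" 302 0
10.0.0.9 - - [10/Feb/2026:09:13:44 +0000] "GET /dms/login?redirect_url=javascript:alert(1) HTTP/1.1" 302 0
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\w+) (\S+) [^"]*" (\d{3})')


def flag_suspicious_redirects(log_text: str, param: str = REDIRECT_PARAM) -> list:
    """Return one finding per request whose redirect parameter fails is_safe_redirect()."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, method, request_target, status = m.groups()
        query = urlsplit(request_target).query
        # parse_qs percent-decodes values, so encoded "%2F%2F" is seen as "//".
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            if not is_safe_redirect(value):
                findings.append({"client": client, "time": ts, "method": method,
                                 "value": value, "status": int(status)})
    return findings


if __name__ == "__main__":
    for f in flag_suspicious_redirects(ACCESS_LOG):
        print(f"{f['time']} {f['client']} unsafe {REDIRECT_PARAM}={f['value']!r}")
```

The validator deliberately rejects anything it cannot positively classify (a bare `docs/start` relative path, an empty value, a malformed authority) rather than trying to enumerate bad patterns, which is the property a WAF rule or a BSP-side check should share. The triage routine is what recommendation 4 amounts to once a parameter name is known: run the same predicate over the redirect values seen in the logs and review the rejects.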


Technical Details

Data Version: 5.2
Assigner Short Name: sap
Date Reserved: 2026-01-21T22:15:36.672Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 698aaa0c4b57a58fa1c64d60

Added to database: 2/10/2026, 3:46:20 AM

Last enriched: 2/17/2026, 9:41:31 AM

Last updated: 2/21/2026, 12:19:00 AM

