MEDIUM✓ PATCH🇬🇧 English

CVE-2026-0505

CVSS 6.1v3.1pub. 2026-02-10upd. 2026-02-17

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Sap Document Management System

    APP
    Sap
    600602603604605606617
  • Sap Erp

    APP
    Sap
    618
  • Sap S4core

    APP
    Sap
    102103104105106107108
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2021-33701CRITICAL9.1ten sam produkt

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730...

CVE-2024-39592HIGH7.7ten sam produkt

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escal...

CVE-2020-6188HIGH8.8ten sam produkt

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617,...

CVE-2018-2484HIGH8.8ten sam produkt

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.1...

CVE-2014-2748HIGH7.5ten sam produkt

The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to ...

CVE-2026-0505 — MEDIUM 6.1 | CVEbaza.pl