CVE-2026-0497

Summary

SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SEBusiness Server Pages Application (Product Designer Web UI)SAP_APPL 618affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)S4CORE 102affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)103affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)104affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)105affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)106affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)107affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)108affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)109affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)EA-APPL 600affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)602affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)603affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)604affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)605affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)606affected
SAP_SEBusiness Server Pages Application (Product Designer Web UI)617affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References