CVE-2026-0505

Summary

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Document Management SystemSAP_APPL 618affected
SAP_SESAP Document Management SystemS4CORE 102affected
SAP_SESAP Document Management System103affected
SAP_SESAP Document Management System104affected
SAP_SESAP Document Management System105affected
SAP_SESAP Document Management System106affected
SAP_SESAP Document Management System107affected
SAP_SESAP Document Management System108affected
SAP_SESAP Document Management System109affected
SAP_SESAP Document Management SystemEA-APPL 600affected
SAP_SESAP Document Management System602affected
SAP_SESAP Document Management System603affected
SAP_SESAP Document Management System604affected
SAP_SESAP Document Management System605affected
SAP_SESAP Document Management System606affected
SAP_SESAP Document Management System617affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References