CVE-2026-0500
Last modified
CVE-2026-0500 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope Server could execute OS commands on the victim's machine. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope Server could execute OS commands on the victim's machine. This could completely compromising confidentiality, integrity and availability of the system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Introscope Enterprise Manager | 10.8 |
References
- https://me.sap.com/notes/3668679Permissions Required
- https://url.sap/sapsecuritypatchdayPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-0500?
How severe is CVE-2026-0500?
How do I fix CVE-2026-0500?
Are you affected by CVE-2026-0500?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST