CVE-2026-0510
Obsolete Cryptography in NetWeaver UME Risks Data Disclosure
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: SAP SE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | netweaver_application_server_for_java | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-326 | The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the User Management Engine (UME) in NetWeaver Application Server for Java using an obsolete cryptographic algorithm to encrypt User Mapping data. An attacker with high-privileged access could exploit this weakness under specific conditions, potentially leading to partial disclosure of sensitive information. The impact on confidentiality is low, and there is no impact on integrity or availability.
How can this vulnerability impact me?
The vulnerability could allow an attacker with high-privileged access to partially disclose sensitive information related to User Mapping data. However, it has a low impact on confidentiality and does not affect the integrity or availability of the application.