CVE-2026-0505
Undergoing Analysis Undergoing Analysis - In Progress

BaseFortify

Vulnerability report for CVE-2026-0505, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-10

Last updated on: 2026-02-17

Assigner: SAP SE

Description

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-10
Last Modified
2026-02-17
Generated
2026-07-06
AI Q&A
2026-02-10
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 15 associated CPEs
Vendor Product Version / Range
sap erp 618
sap s4core 102
sap s4core 103
sap s4core 104
sap s4core 105
sap s4core 106
sap s4core 107
sap s4core 108
sap document_management_system 600
sap document_management_system 603
sap document_management_system 604
sap document_management_system 605
sap document_management_system 606
sap document_management_system 617
sap document_management_system 602

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in BSP applications where an unauthenticated user can manipulate URL parameters that are controlled by users but are not properly validated.

Because of insufficient validation, the attacker can cause the application to redirect users to attacker-controlled websites.

Impact Analysis

The vulnerability can lead to unvalidated redirection, which may allow attackers to redirect users to malicious websites.

This results in a low impact on the confidentiality and integrity of the application, and no impact on its availability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0505. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart