CVE-2026-0505
Undergoing Analysis
Undergoing Analysis - In Progress
BaseFortify
Publication date: 2026-02-10
Last updated on: 2026-02-17
Assigner: SAP SE
Description
Description
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | erp | 618 |
| sap | s4core | 102 |
| sap | s4core | 103 |
| sap | s4core | 104 |
| sap | s4core | 105 |
| sap | s4core | 106 |
| sap | s4core | 107 |
| sap | s4core | 108 |
| sap | document_management_system | 600 |
| sap | document_management_system | 603 |
| sap | document_management_system | 604 |
| sap | document_management_system | 605 |
| sap | document_management_system | 606 |
| sap | document_management_system | 617 |
| sap | document_management_system | 602 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
