CVE-2026-44757
Awaiting Analysis - Queue

SAP Wily Introscope Enterprise Manager Stored XSS

Vulnerability report for CVE-2026-44757, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: SAP SE

Description

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to create a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user's browser within the context of the application. This issue has a low impact on the confidentiality and integrity of the application with no impact on availability.

Meta Information

Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-29
AI Q&A: 2026-06-10
EPSS Evaluated: 2026-06-28

Affected Vendors & Products

Showing 1 associated CPE

Vendor | Product | Version / Range
sap | wily_introscope_enterprise_manager | *

Exploitability

CWE ID | Description
CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Mitigation Strategies

The vulnerability allows an unauthenticated attacker to create a specially crafted URL that causes a script to execute in the user's browser within the context of the SAP Wily Introscope Enterprise Manager application.

To mitigate this vulnerability, it is recommended to follow SAP's official security patching guidance and apply any relevant security notes or patches provided by SAP.

You should regularly check SAP Security Notes and News for updates and patches related to this vulnerability.

Executive Summary

This vulnerability exists in SAP Wily Introscope Enterprise Manager and allows an unauthenticated attacker to create a specially crafted URL. When a victim accesses this URL under certain conditions, a script injected by the attacker can execute in the victim's browser within the context of the application.

The vulnerability impacts the confidentiality and integrity of the application to a low degree and does not affect availability.

Impact Analysis

The vulnerability can lead to the execution of malicious scripts in the user's browser when they access a crafted URL. This could potentially allow attackers to steal sensitive information or manipulate data within the application context.

However, the impact on confidentiality and integrity is considered low, and there is no impact on the availability of the application.

Compliance Impact

The vulnerability allows an unauthenticated attacker to execute a script in the user's browser within the context of the application, which could potentially lead to unauthorized access to user data.

Although the impact on confidentiality and integrity is low and there is no impact on availability, such cross-site scripting (XSS) vulnerabilities can pose risks to data protection and privacy.

This may affect compliance with standards like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access or disclosure.

Organizations using the affected SAP Wily Introscope Enterprise Manager should assess the risk and implement appropriate mitigations to maintain compliance.
