CVE-2026-44757
Awaiting Analysis - Queue
SAP Wily Introscope Enterprise Manager Stored XSS

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: SAP SE

Description
SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user's browser within the context of the application. This issue has a low impact on the confidentiality and integrity of the application with no impact on availability.
Meta Information

Published: 2026-06-09

Last Modified: 2026-06-09

Generated: 2026-06-09

AI Q&A: 2026-06-09

EPSS Evaluated: N/A

Affected Vendors & Products

Vendor: sap

Product: wily_introscope_enterprise_manager

Version / Range: *

CWE ID: CWE-79

Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Executive Summary

This vulnerability exists in SAP Wily Introscope Enterprise Manager and allows an unauthenticated attacker to create a specially crafted URL. When a victim accesses this URL under certain conditions, a script injected by the attacker can execute in the victim's browser within the context of the application.

The vulnerability impacts the confidentiality and integrity of the application to a low degree and does not affect availability.

Impact Analysis

The vulnerability can lead to the execution of malicious scripts in the user's browser when they access a crafted URL. This could potentially allow attackers to steal sensitive information or manipulate data within the application context.

However, the impact on confidentiality and integrity is considered low, and there is no impact on the availability of the application.

Compliance Impact

The vulnerability allows an unauthenticated attacker to execute a script in the user's browser within the context of the application, which could potentially lead to unauthorized access to user data.

Although the impact on confidentiality and integrity is low and there is no impact on availability, such cross-site scripting (XSS) vulnerabilities can pose risks to data protection and privacy.

This may affect compliance with standards like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access or disclosure.

Organizations using the affected SAP Wily Introscope Enterprise Manager should assess the risk and implement appropriate mitigations to maintain compliance.
