CVE-2026-0505

Multiple vulnerabilities in BSP Applications of SAP Document Management System

CVSS 6.1 MEDIUMEPSS 0.2%CWE-79

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 fev 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Produtos afetados

SAP_SE · SAP Document Management System

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://me.sap.com/notes/3678417 https://url.sap/sapsecuritypatchday