← voltar
CVE-2026-0510

Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping

CVSS 3 LOWEPSS 0.1%CWE-326
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 3EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 jan 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
Produtos afetados
SAP_SE · NW AS Java UME User Mapping

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3593356https://url.sap/sapsecuritypatchday