CVE-2026-0514

EPSS 0.07%
Veröffentlicht 13.01.2026 01:16:03
Zuletzt bearbeitet 16.01.2026 16:53:03
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, impacting confidentiality and integrity, with no effect on availability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Business Connector Version4.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.204

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://url.sap/sapsecuritypatchday

Vendor Advisory

https://me.sap.com/notes/3666061

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2026-0514

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-0514

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-0514

EUVD