{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0505", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-12-09T22:06:45.302Z", "datePublished": "2026-02-10T03:01:30.818Z", "dateUpdated": "2026-02-10T16:28:31.245Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Document Management System", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "SAP_APPL 618"}, {"status": "affected", "version": "S4CORE 102"}, {"status": "affected", "version": "103"}, {"status": "affected", "version": "104"}, {"status": "affected", "version": "105"}, {"status": "affected", "version": "106"}, {"status": "affected", "version": "107"}, {"status": "affected", "version": "108"}, {"status": "affected", "version": "109"}, {"status": "affected", "version": "EA-APPL 600"}, {"status": "affected", "version": "602"}, {"status": "affected", "version": "603"}, {"status": "affected", "version": "604"}, {"status": "affected", "version": "605"}, {"status": "affected", "version": "606"}, {"status": "affected", "version": "617"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.</p>"}], "value": "The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-10T03:01:30.818Z"}, "references": [{"url": "https://me.sap.com/notes/3678417"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Multiple vulnerabilities in BSP Applications of SAP Document Management System", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T16:28:21.921328Z", "id": "CVE-2026-0505", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T16:28:31.245Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0505", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T16:28:21.921328Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T16:28:27.821Z"}}], "cna": {"title": "Multiple vulnerabilities in BSP Applications of SAP Document Management System", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Document Management System", "versions": [{"status": "affected", "version": "SAP_APPL 618"}, {"status": "affected", "version": "S4CORE 102"}, {"status": "affected", "version": "103"}, {"status": "affected", "version": "104"}, {"status": "affected", "version": "105"}, {"status": "affected", "version": "106"}, {"status": "affected", "version": "107"}, {"status": "affected", "version": "108"}, {"status": "affected", "version": "109"}, {"status": "affected", "version": "EA-APPL 600"}, {"status": "affected", "version": "602"}, {"status": "affected", "version": "603"}, {"status": "affected", "version": "604"}, {"status": "affected", "version": "605"}, {"status": "affected", "version": "606"}, {"status": "affected", "version": "617"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3678417"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-10T03:01:30.818Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0505", "state": "PUBLISHED", "dateUpdated": "2026-02-10T16:28:31.245Z", "dateReserved": "2025-12-09T22:06:45.302Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-02-10T03:01:30.818Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:document_management_system:600:*:*:*:*:*:*:*", "matchCriteriaId": "FD522469-1153-4A3C-9271-2338A5674BDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_management_system:602:*:*:*:*:*:*:*", "matchCriteriaId": "D355E922-5592-41C7-ACE4-311044B9E8C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_management_system:603:*:*:*:*:*:*:*", "matchCriteriaId": "1E8A41C8-812E-4319-B515-CF9F030DAA19", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_management_system:604:*:*:*:*:*:*:*", "matchCriteriaId": "4B470B7D-486C-43B0-B9B0-AC0A16034A01", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_management_system:605:*:*:*:*:*:*:*", "matchCriteriaId": "0024390E-91C7-48B5-8E04-265E9E6D4E75", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_management_system:606:*:*:*:*:*:*:*", "matchCriteriaId": "133C3E0D-2D67-479A-A678-07EB04244BCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:document_management_system:617:*:*:*:*:*:*:*", "matchCriteriaId": "D7E1D717-FA00-47D5-94B6-E818848890C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:erp:618:*:*:*:*:*:*:*", "matchCriteriaId": "4573BD22-D50B-431E-928A-C495E342D1AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s4core:102:*:*:*:*:*:*:*", "matchCriteriaId": "04C95A73-48EB-446C-A5F0-20E1D6BC1779", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s4core:103:*:*:*:*:*:*:*", "matchCriteriaId": "1C3C9003-68A6-4886-8979-9B7D01A35E40", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s4core:104:*:*:*:*:*:*:*", "matchCriteriaId": "964023CE-6EA4-42BB-93B2-DCE6B36D3F89", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s4core:105:*:*:*:*:*:*:*", "matchCriteriaId": "84B775EF-6C11-4FAB-B5E7-8F6C4C5674BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s4core:106:*:*:*:*:*:*:*", "matchCriteriaId": "14D17245-5B6D-4024-AFA6-8E0A70B294BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s4core:107:*:*:*:*:*:*:*", "matchCriteriaId": "5DEFABE8-1797-4C7B-941C-3205AE90914B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s4core:108:*:*:*:*:*:*:*", "matchCriteriaId": "78832FB6-B1DD-4516-B1DF-D90BB58BF25A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application."}, {"lang": "es", "value": "Las aplicaciones BSP permiten a un usuario no autenticado manipular par\u00e1metros URL controlados por el usuario que no est\u00e1n suficientemente validados. Esto podr\u00eda resultar en una redirecci\u00f3n no validada a sitios web controlados por el atacante, lo que conlleva un impacto bajo en la confidencialidad y la integridad, y ning\u00fan impacto en la disponibilidad de la aplicaci\u00f3n."}], "id": "CVE-2026-0505", "lastModified": "2026-02-17T16:06:27.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2026-02-10T04:16:02.030", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3678417"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@sap.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_APPL 618"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "S4CORE 102"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "103"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "104"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "105"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "106"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "107"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "108"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "109"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "EA-APPL 600"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "602"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "603"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "604"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "605"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "606"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "617"}}], "product": "sap_document_management_system", "vendor": "sap_se"}], "analysis": {"en": {"generated_at": "2026-04-18T12:54:31.849927+00:00", "value": {"mitigation_remediation": ["Apply the SAP security update referenced in SAP Note 3678417 and the SAP Security Patch Day to upgrade the affected BSP components.", "Verify that all user\u2011controlled URL parameters in the BSP applications are required to go through strict validation and encoding steps before being used in redirects.", "Perform a focused vulnerability review or penetration test on the BSP URL handling logic to confirm that the open redirect issue has been fully remediated."], "summary": {"action": "Patch", "impact": "Open Redirect"}, "threat_synthesis": {"affected_systems": "SAP Document Management System versions 600, 602, 603, 604, 605, 606, and 617, as well as SAP ERP 618 and SAP S4Core 102 through 108, are all affected. Any installation that has not applied the latest security updates to its BSP components remains vulnerable.", "description_and_impact": "The vulnerability affects the Business Services Portal (BSP) applications within SAP Document Management System. An unauthenticated user can modify URL parameters that the application does not validate, which allows the attacker to force a client browser to redirect to an attacker\u2011controlled website. This does not compromise the application\u2019s data or availability; the impact is limited to low confidentiality and integrity through potential phishing or drive\u2011by compromise.", "risk_and_exploitability": "With a CVSS score of 6.1, the flaw is classified as medium severity, and the EPSS score indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires no privileged access; a crafted link with altered query parameters is sufficient, making the attack straightforward for an unauthenticated attacker."}}}}, "created": "2026-02-10T15:37:21.410602+00:00", "updated": "2026-04-18T13:00:08.756158+00:00", "vendors": ["sap_se", "sap_se$PRODUCT$sap_document_management_system"]}