{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0510", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-12-09T22:06:49.250Z", "datePublished": "2026-01-13T01:15:43.846Z", "dateUpdated": "2026-01-13T18:26:48.509Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NW AS Java UME User Mapping", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "ENGINEAPI 7.50"}, {"status": "affected", "version": "SERVERCORE 7.50"}, {"status": "affected", "version": "UMEADMIN 7.50"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application.</p>"}], "value": "The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-326", "description": "CWE-326: Inadequate Encryption Strength", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-01-13T01:15:43.846Z"}, "references": [{"url": "https://me.sap.com/notes/3593356"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-13T18:17:58.478110Z", "id": "CVE-2026-0510", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T18:26:48.509Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0510", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-13T18:17:58.478110Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T18:19:19.054Z"}}], "cna": {"title": "Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 3, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "NW AS Java UME User Mapping", "versions": [{"status": "affected", "version": "ENGINEAPI 7.50"}, {"status": "affected", "version": "SERVERCORE 7.50"}, {"status": "affected", "version": "UMEADMIN 7.50"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3593356"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-326", "description": "CWE-326: Inadequate Encryption Strength"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-01-13T01:15:43.846Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0510", "state": "PUBLISHED", "dateUpdated": "2026-01-13T18:26:48.509Z", "dateReserved": "2025-12-09T22:06:49.250Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-01-13T01:15:43.846Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application."}, {"lang": "es", "value": "El User Management Engine (UME) en NetWeaver Servidor de Aplicaciones para Java (NW AS Java) utiliza un algoritmo criptogr\u00e1fico obsoleto para cifrar datos de mapeo de usuarios. Esta debilidad podr\u00eda permitir a un atacante con acceso de altos privilegios explotar la vulnerabilidad bajo condiciones espec\u00edficas, lo que podr\u00eda llevar a la divulgaci\u00f3n parcial de informaci\u00f3n sensible. Esto tiene bajo impacto en la confidencialidad, sin impacto en la integridad y disponibilidad de la aplicaci\u00f3n."}], "id": "CVE-2026-0510", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.0, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2026-01-13T02:15:53.597", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3593356"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "cna@sap.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T06:47:58.609142+00:00", "value": {"mitigation_remediation": ["Apply the SAP Note\u202f3593356 updates that replace the obsolete encryption algorithm in NW\u202fAS\u202fJava UME.", "Reconfigure UME to use a secure, modern encryption algorithm and ensure the configuration is enforced.", "Reduce the privileges of accounts with access to UME, and monitor for unusual activity."], "summary": {"action": "Patch", "impact": "Partial data disclosure through obsolete encryption"}, "threat_synthesis": {"affected_systems": "This vulnerability affects the SAP NetWeaver Application Server for Java (NW AS Java) component known as User Mapping (UME). All versions of this product that rely on the specified old encryption algorithm are impacted; specific version information is not provided in the advisory.", "description_and_impact": "The User Management Engine in SAP NetWeaver Application Server for Java uses an outdated cryptographic algorithm to encrypt user mapping data, a weakness classified as improper encryption strength. This flaw can permit an attacker with elevated privileges, preferably those with local or otherwise high-level access, to partially reveal encrypted data. Consequently, confidentiality is at risk, while integrity and availability remain unaffected.", "risk_and_exploitability": "The CVSS score of 3 indicates low severity, and the EPSS score of less than one percent suggests a very low probability of exploitation in the wild. The weakness is not listed in the CISA KEV catalog. Exploitation requires high-privileged access, making the attack vector likely internal or through compromised administrative accounts, rather than remote."}}}}, "created": "2026-01-13T09:27:06.439413+00:00", "updated": "2026-04-18T07:00:11.339787+00:00", "vendors": ["sap", "sap$PRODUCT$java_as"]}