CVE-2026-0510

LOW EPSS 2.3%

Published Jan 13, 20265mo ago · Modified Jun 17, 20261w ago

3.0 CVSS 3.1

Low

Published Jan 13, 2026 5mo ago

Last Modified Jun 17, 2026 1w ago

Description

The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application.

CVSS Details

Base Score

3.0

Exploitability

1.3

Impact

1.4

Vector string

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

Attack Vector Network

Attack Complexity High

Privileges Required High

User Interaction None

Scope Changed

Confidentiality Low

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

2.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-326

References 2

me.sap.com https://me.sap.com/notes/3593356
url.sap https://url.sap/sapsecuritypatchday

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.