CVE-2026-0505— Multiple vulnerabilities in BSP Applications of SAP Document Management System
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-0505
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Multiple vulnerabilities in BSP Applications of SAP Document Management System
Source: NVD (National Vulnerability Database)
Vulnerability Description
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP E-Recruiting BSP 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP E-Recruiting BSP是德国思爱普(SAP)公司的一个招聘流程管理模块。 SAP E-Recruiting BSP存在跨站脚本漏洞,该漏洞源于用户控制的URL参数验证不足,可能导致未经验证的重定向到攻击者控制的网站。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP_SE | SAP Document Management System | SAP_APPL 618 | - |
II. Public POCs for CVE-2026-0505
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-0505
请登录查看更多情报信息。
Same Patch Batch · SAP_SE · 2026-02-10 · 26 CVEs total
| CVE-2026-0488 | 9.9 CRITICAL | Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor) |
| CVE-2026-0509 | 9.6 CRITICAL | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2026-23687 | 8.8 HIGH | XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform |
| CVE-2026-24322 | 7.7 HIGH | Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) |
| CVE-2026-23689 | 7.7 HIGH | Denial of service (DOS) in SAP Supply Chain Management |
| CVE-2026-0485 | 7.5 HIGH | Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform |
| CVE-2026-0490 | 7.5 HIGH | Denial of service (DOS) in SAP BusinessObjects BI Platform |
| CVE-2026-0508 | 7.3 HIGH | Open Redirect vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2026-0484 | 6.5 MEDIUM | Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA |
| CVE-2026-24324 | 6.5 MEDIUM | Denial of service (DOS) vulnerability in SAP BusinessObjects Business Intelligence Platfor |
| CVE-2026-24328 | 6.1 MEDIUM | Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER) |
| CVE-2026-24323 | 6.1 MEDIUM | Multiple vulnerabilities in BSP Applications of SAP Document Management System |
| CVE-2026-23684 | 5.9 MEDIUM | Race condition vulnerability in SAP Commerce Cloud |
| CVE-2026-24319 | 5.8 MEDIUM | Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files) |
| CVE-2026-24321 | 5.3 MEDIUM | Information Disclosure vulnerability in SAP Commerce Cloud |
| CVE-2026-24312 | 5.2 MEDIUM | Missing authorization check in SAP Business Workflow |
| CVE-2026-0486 | 5.0 MEDIUM | Missing Authorization Check in ABAP based SAP systems |
| CVE-2026-24325 | 4.8 MEDIUM | Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Manage |
| CVE-2026-23685 | 4.4 MEDIUM | Insecure Deserialization vulnerability in SAP NetWeaver (JMS service) |
| CVE-2026-23688 | 4.3 MEDIUM | Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services) |
Showing top 20 of 26 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: SAP_SE
- CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and - CVE-2026-34261
Missing Authorization check in SAP Business Analytics and SA - CVE-2026-34257
Open Redirect vulnerability in SAP NetWeaver Application Ser - CVE-2026-34256
Missing Authorization check in SAP ERP and SAP S/4 HANA (Pri
Same weakness: CWE-79
- CVE-2026-8262
Devs Palace ERP Online chart-save cross site scripting - CVE-2026-8256
Devs Palace ERP Online mr-save cross site scripting - CVE-2026-8255
Devs Palace ERP Online add_new_customer cross site scripting - CVE-2026-8254
Devs Palace ERP Online sales_save cross site scripting - CVE-2026-8253
Devs Palace ERP Online purchase_save cross site scripting
V. Comments for CVE-2026-0505
No comments yet