Vulnerability Details CVE-2026-0505
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.6%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2026-0505
-
cpe:2.3:a:sap:document_management_system:600
-
cpe:2.3:a:sap:document_management_system:602
-
cpe:2.3:a:sap:document_management_system:603
-
cpe:2.3:a:sap:document_management_system:604
-
cpe:2.3:a:sap:document_management_system:605
-
cpe:2.3:a:sap:document_management_system:606
-
cpe:2.3:a:sap:document_management_system:617
-
cpe:2.3:a:sap:erp:618
-
cpe:2.3:a:sap:s4core:102
-
cpe:2.3:a:sap:s4core:103
-
cpe:2.3:a:sap:s4core:104
-
cpe:2.3:a:sap:s4core:105
-
cpe:2.3:a:sap:s4core:106
-
cpe:2.3:a:sap:s4core:107
-
cpe:2.3:a:sap:s4core:108