CVE-2026-0500 | THREATINT

Description

Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope Server could execute OS commands on the victim's machine. This could completely compromising confidentiality, integrity and availability of the system.

PUBLISHED Reserved 2025-12-09 | Published 2026-01-13 | Updated 2026-01-13 | Assigner sap

CRITICAL: 9.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-94: Improper Control of Generation of Code

Product status

Default status

unaffected

WILY_INTRO_ENTERPRISE 10.8

affected

References

me.sap.com/notes/3668679

url.sap/sapsecuritypatchday

cve.org (CVE-2026-0500)

nvd.nist.gov (CVE-2026-0500)

Download JSON