VDB

CVE-2026-0505

CVE-2026-0505 PUBLISHED CVSS 6.099999904632568 MEDIUM

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

EPSS 0.03% · 10.6th percentile

Risk Scores

CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.03%
10.6th percentile

Affected Products

VendorProductVersions
SAP_SESAP Document Management System*, SAP_APPL 618, S4CORE 102
sapdocument_management_system603, 605, 617
saperp618
saps4core102, 108, 105

Timeline

  • Feb 10, 2026 CVE Published
  • Feb 10, 2026 EPSS Score
  • Feb 12, 2026 EPSS Score
  • Feb 14, 2026 EPSS Score
  • Feb 16, 2026 EPSS Score
  • Feb 18, 2026 EPSS Score
  • Feb 20, 2026 EPSS Score
  • Feb 22, 2026 EPSS Score
  • Feb 24, 2026 EPSS Score
  • Feb 26, 2026 EPSS Score
  • Feb 28, 2026 EPSS Score
  • Mar 2, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›