CVE Catalog

CVE-2026-44757

MediumCVSS 4.7
Published: Updated: Translated: NVD NIST

Summary

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user’s browser within the context of the application.

Risk Assessment

This issue has a low impact on the confidentiality and integrity of the application with no impact on availability. However, it may lead to unauthorized code execution in the user's browser.

Recommendation

It is recommended to monitor and restrict access to the application and implement input validation to minimize the risk of exploitation of this vulnerability.

Original NVD description (English source)

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user�s browser within the context of the application. This issue has a low impact on the confidentiality and integrity of the application with no impact on availability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS