CVE-2026-0505 PUBLISHED

Multiple vulnerabilities in BSP Applications of SAP Document Management System

Assigner: sap
Reserved: 09.12.2025 Published: 10.02.2026 Updated: 10.02.2026

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS Score: 6.1

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP Document Management System
Versions	Default: unaffected Version SAP_APPL 618 is affected Version S4CORE 102 is affected Version 103 is affected Version 104 is affected Version 105 is affected Version 106 is affected Version 107 is affected Version 108 is affected Version 109 is affected Version EA-APPL 600 is affected Version 602 is affected Version 603 is affected Version 604 is affected Version 605 is affected Version 606 is affected Version 617 is affected

CVE-2026-0505 PUBLISHED

Multiple vulnerabilities in BSP Applications of SAP Document Management System

Metrics

Product Status

References

Problem Types