CVE-2026-44757
Description
SAP Wily Introscope Enterprise Manager is vulnerable to unauthenticated script execution via crafted URLs, impacting confidentiality and integrity.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to inject a script into a specially crafted URL. When a victim accesses this URL, the script executes within the user's browser in the context of the application. The specific conditions required to trigger the vulnerability are not detailed in the available references.
Exploitation
An unauthenticated attacker can exploit this vulnerability by crafting a malicious URL containing an injected script. This URL must then be accessed by a victim user. No other prerequisites such as network position, authentication, or write access are mentioned in the available references.
Impact
Successful exploitation of this vulnerability allows an attacker to execute arbitrary scripts within the victim's browser context. This has a low impact on the confidentiality and integrity of the application, with no impact on its availability. The exact scope of the compromise is not specified beyond the user's browser context.
Mitigation
Information regarding a fixed version or release date for this vulnerability is not yet disclosed in the available references. SAP typically releases security corrections on its monthly SAP Security Patch Day [1]. Customers are advised to implement these corrections with priority. Workarounds are not yet disclosed.
AI Insight generated on Jun 9, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (2)
News mentions (1)
- SAP: Twelve Vulnerabilities Disclosed Together on June 9, 2026 · Vypr Intelligence · Jun 9, 2026