Vulnerabilities ›

CVE-2026-0500

Critical

SAP Wily Introscope Enterprise Manager Critical Remote Code Execution via Malicious JNLP

CWE-94 — Weakness Type

                    Published: Jan 13, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

9.6

🔗 NVD Official

📄 Description (English)

Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope Server could execute OS commands on the victim's machine. This could completely compromising confidentiality, integrity and availability of the system.

🤖 AI Executive Summary

CVE-2026-0500 is a critical vulnerability in SAP Wily Introscope Enterprise Manager that allows unauthenticated attackers to execute arbitrary OS commands through malicious JNLP files. This vulnerability completely compromises system confidentiality, integrity, and availability when victims access crafted URLs.

📄 Description (Arabic)

تحتوي ثغرة CVE-2026-0500 على مكون طرف ثالث ضعيف في SAP Wily Introscope Enterprise Manager WorkStation يسمح لمهاجم غير مصرح بإنشاء ملف JNLP ضار يمكن الوصول إليه عبر عنوان URL عام. عند نقر الضحية على الرابط، يمكن لخادم Wily Introscope تنفيذ أوامر نظام التشغيل على جهاز الضحية مما يؤدي إلى اختراق كامل للنظام.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: Apr 12, 2026 09:30

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1203 T1559.003 T1059.001

⚖️ Saudi Risk Score (AI)

10.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update SAP Wily Introscope Enterprise Manager to the latest patched version. Disable or restrict access to JNLP file serving endpoints. Implement network segmentation to limit exposure of Wily Introscope servers. Apply strict input validation and disable Java Web Start if not required. Monitor for suspicious JNLP file access patterns and implement endpoint protection to detect malicious command execution.

🔧 خطوات المعالجة (العربية)

قم بتحديث SAP Wily Introscope Enterprise Manager فوراً إلى أحدث إصدار معدل. عطّل أو قيّد الوصول إلى نقاط نهاية خدمة ملفات JNLP. طبّق تقسيم الشبكة لتحديد التعرض لخوادم Wily Introscope. طبّق التحقق الصارم من المدخلات وعطّل Java Web Start إذا لم يكن مطلوباً. راقب أنماط الوصول المريبة لملفات JNLP وطبّق الحماية على نقاط النهاية.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.7.1.2 A.12.2.1 A.12.6.1

🔵 SAMA CSF

ID.BE-1 PR.AC-1 PR.PT-1 DE.CM-1

🟡 ISO 27001:2022

A.5.1.1 A.6.1.1 A.7.1.1 A.12.2.1 A.12.6.1

🔗 References & Sources 2

🔗

https://me.sap.com/notes/3668679

cna@sap.com

Permissions Required

🔗

https://url.sap/sapsecuritypatchday

cna@sap.com

Patch Vendor Advisory

📦 Affected Products / CPE 1 entries

sap:introscope_enterprise_manager:10.8

📊 CVSS Score

9.6

/ 10.0 — Critical

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeC — Changed

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity Critical

CVSS Score9.6

CWECWE-94

EPSS0.11%

Exploit No

Patch ✓ Yes

Published 2026-01-13

Source Feed nvd

🇸🇦 Saudi Risk Score

10.0

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

patch-available CWE-94

🏢 Vendor Advisories

🔗 https://url.sap/sapsecuritypatchday

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-0500

Introduce Yourself

Sign In Required