{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T20:56:16.881","vulnerabilities":[{"cve":{"id":"CVE-2026-0505","sourceIdentifier":"cna@sap.com","published":"2026-02-10T04:16:02.030","lastModified":"2026-02-17T16:06:27.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application."},{"lang":"es","value":"Las aplicaciones BSP permiten a un usuario no autenticado manipular parámetros URL controlados por el usuario que no están suficientemente validados. Esto podría resultar en una redirección no validada a sitios web controlados por el atacante, lo que conlleva un impacto bajo en la confidencialidad y la integridad, y ningún impacto en la disponibilidad de la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"cna@sap.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:document_management_system:600:*:*:*:*:*:*:*","matchCriteriaId":"FD522469-1153-4A3C-9271-2338A5674BDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:document_management_system:602:*:*:*:*:*:*:*","matchCriteriaId":"D355E922-5592-41C7-ACE4-311044B9E8C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:document_management_system:603:*:*:*:*:*:*:*","matchCriteriaId":"1E8A41C8-812E-4319-B515-CF9F030DAA19"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:document_management_system:604:*:*:*:*:*:*:*","matchCriteriaId":"4B470B7D-486C-43B0-B9B0-AC0A16034A01"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:document_management_system:605:*:*:*:*:*:*:*","matchCriteriaId":"0024390E-91C7-48B5-8E04-265E9E6D4E75"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:document_management_system:606:*:*:*:*:*:*:*","matchCriteriaId":"133C3E0D-2D67-479A-A678-07EB04244BCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:document_management_system:617:*:*:*:*:*:*:*","matchCriteriaId":"D7E1D717-FA00-47D5-94B6-E818848890C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:erp:618:*:*:*:*:*:*:*","matchCriteriaId":"4573BD22-D50B-431E-928A-C495E342D1AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s4core:102:*:*:*:*:*:*:*","matchCriteriaId":"04C95A73-48EB-446C-A5F0-20E1D6BC1779"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s4core:103:*:*:*:*:*:*:*","matchCriteriaId":"1C3C9003-68A6-4886-8979-9B7D01A35E40"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s4core:104:*:*:*:*:*:*:*","matchCriteriaId":"964023CE-6EA4-42BB-93B2-DCE6B36D3F89"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s4core:105:*:*:*:*:*:*:*","matchCriteriaId":"84B775EF-6C11-4FAB-B5E7-8F6C4C5674BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s4core:106:*:*:*:*:*:*:*","matchCriteriaId":"14D17245-5B6D-4024-AFA6-8E0A70B294BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s4core:107:*:*:*:*:*:*:*","matchCriteriaId":"5DEFABE8-1797-4C7B-941C-3205AE90914B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s4core:108:*:*:*:*:*:*:*","matchCriteriaId":"78832FB6-B1DD-4516-B1DF-D90BB58BF25A"}]}]}],"references":[{"url":"https://me.sap.com/notes/3678417","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com","tags":["Vendor Advisory"]}]}}]}