CVE-2026-0510

LOW

NetWeaver Application Server for Java - Info Disclosure

Title source: llm

Description

The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3593356

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 3.0

EPSS 0.0001

EPSS Percentile 3.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

Classification

CWE

CWE-326

Status draft

Timeline

Published Jan 13, 2026

Tracked Since Feb 18, 2026