CVE-2026-0510

LOW

NetWeaver Application Server for Java - Info Disclosure

Title source: llm

Description

The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3593356

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 3.0

EPSS 0.0002

EPSS Percentile 3.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-326

Status published

Products (3)

SAP_SE/NW AS Java UME User Mapping ENGINEAPI 7.50

SAP_SE/NW AS Java UME User Mapping SERVERCORE 7.50

SAP_SE/NW AS Java UME User Mapping UMEADMIN 7.50

Published Jan 13, 2026

Tracked Since Feb 18, 2026