PatchSiren cyber security CVE debrief
CVE-2026-44757 SAP_SE CVE debrief
CVE-2026-44757 is a medium severity vulnerability in SAP Wily Introscope Enterprise Manager. An unauthenticated attacker can craft a specially crafted URL that, when accessed by a victim, injects a script that executes in the user's browser within the context of the application. This issue has a low impact on the confidentiality and integrity of the application with no impact on availability.
- Vendor
- SAP_SE
- Product
- SAP Wily Introscope Enterprise Manager
- CVSS
- MEDIUM 4.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Users of SAP Wily Introscope Enterprise Manager should apply patches or mitigations as available to prevent exploitation of this vulnerability.
Technical summary
The vulnerability has a CVSS score of 4.7 and is classified as CWE-79. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or mitigations as available from SAP.
- Review and restrict access to SAP Wily Introscope Enterprise Manager.
- Monitor for suspicious activity.
Evidence notes
Vendor: Unknown Vendor, Product: SAP Wily Introscope Enterprise Manager.
Official resources
CVE-2026-44757 was published on 2026-06-09T01:16:47.337Z and modified on 2026-06-09T02:08:28.150Z.