CVE-2026-0510

{"id": "CVE-2026-0510", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.0, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.3}]}, "published": "2026-01-13T02:15:53.597", "references": [{"url": "https://me.sap.com/notes/3593356", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attacker with high-privileged access to exploit the vulnerability under specific conditions potentially leading to partial disclosure of sensitive information.This has low impact on confidentiality with no impact on integrity and availability of the application."}, {"lang": "es", "value": "El User Management Engine (UME) en NetWeaver Servidor de Aplicaciones para Java (NW AS Java) utiliza un algoritmo criptogr\u00e1fico obsoleto para cifrar datos de mapeo de usuarios. Esta debilidad podr\u00eda permitir a un atacante con acceso de altos privilegios explotar la vulnerabilidad bajo condiciones espec\u00edficas, lo que podr\u00eda llevar a la divulgaci\u00f3n parcial de informaci\u00f3n sensible. Esto tiene bajo impacto en la confidencialidad, sin impacto en la integridad y disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cna@sap.com"}