CVE-2026-0514

Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, impacting confidentiality and integrity, with no effect on availability.
References
Link Resource
https://me.sap.com/notes/3666061 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:business_connector:4.8:*:*:*:*:*:*:*

History

17 Jun 2026, 10:10

Type Values Removed Values Added
Summary
  • (es) Debido a una vulnerabilidad de cross-site scripting (XSS) en SAP Business Connector, un atacante no autenticado podría crear un enlace malicioso. Cuando un usuario desprevenido hace clic en este enlace, el usuario podría ser redirigido a un sitio controlado por el atacante. La explotación exitosa podría permitir al atacante acceder o modificar información relacionada con el cliente web, lo que afectaría la confidencialidad y la integridad, sin efecto en la disponibilidad.

16 Jan 2026, 16:53

Type Values Removed Values Added
References () https://me.sap.com/notes/3666061 - () https://me.sap.com/notes/3666061 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory
CPE cpe:2.3:a:sap:business_connector:4.8:*:*:*:*:*:*:*
First Time Sap
Sap business Connector

13 Jan 2026, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-13 02:15

Updated : 2026-06-17 10:10


NVD link : CVE-2026-0514

Mitre link : CVE-2026-0514

CVE.ORG link : CVE-2026-0514


JSON object : View

Products Affected

sap

  • business_connector
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')