Description
Due to the use of a vulnerable third-party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public-facing URL. When a victim clicks on the URL, the accessed Wily Introscope Server could execute OS commands on the victim's machine. This could completely compromise the confidentiality, integrity and availability of the system.
Published: 2026-01-13
Score: 9.6 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A vulnerable third‑party component in SAP Wily Introscope Enterprise Manager enables any unauthenticated user to host a malicious JNLP file behind a public URL. When a victim opens that URL the server executes arbitrary OS commands on the client machine, effectively compromising confidentiality, integrity, and availability. The flaw is a classic code injection (CWE-94).

Affected Systems

SAP Wily Introscope Enterprise Manager (WorkStation) version 10.8 from vendor SAP is affected.

Risk and Exploitability

The CVSS score of 9.6 indicates critical severity, yet the EPSS score is under 1%, suggesting low current exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. An attacker only needs to host the JNLP file on a publicly reachable URL and persuade a user to click it; no authentication or privileged access is required.

Generated by OpenCVE AI on April 18, 2026 at 16:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the SAP security patch referenced in Note 3668679 to update Introscope Enterprise Manager to a non‑vulnerable release.
  • If a patch is unavailable, block external access to the Introscope server’s JNLP endpoint using firewall or network policy, to prevent unauthenticated hosts from serving malicious files.
  • Monitor web traffic and alert on requests for .jnlp files originating from unknown sources, and investigate any suspicious download events.
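
A sketch of the monitoring action in the last bullet, added here as an example and not part of the OpenCVE record or SAP's guidance: it scans web-proxy log lines for JNLP downloads (by file extension or by the `application/x-java-jnlp-file` content type) served from hosts outside an approved list. The log format, the host names and the allowlist are assumptions, and the sample lines are constructed.

```python
import shlex
from urllib.parse import urlsplit

# Assumption: hosts approved to serve WorkStation JNLP files (placeholder name).
APPROVED_JNLP_HOSTS = {"introscope.corp.example"}
JNLP_MIME = "application/x-java-jnlp-file"

# Constructed sample proxy log. Assumed format:
# timestamp client_ip method url status "content-type"
SAMPLE_LOG = '''\
2026-01-14T09:01:02Z 10.0.4.17 GET http://introscope.corp.example/workstation.jnlp 200 "application/x-java-jnlp-file"
2026-01-14T09:03:40Z 10.0.4.22 GET http://files.unknown.example/launch/Workstation.JNLP?em=1 200 "application/x-java-jnlp-file"
2026-01-14T09:05:11Z 10.0.4.22 GET http://cdn.unknown.example/download?id=7 200 "application/x-java-jnlp-file; charset=utf-8"
2026-01-14T09:06:55Z 10.0.4.30 GET http://docs.unknown.example/jnlp-guide.html 200 "text/html"
not a log line
'''

def is_jnlp(url_path, content_type):
    """True if the response looks like a JNLP descriptor.

    Checks the path extension (case-insensitive, query string already
    stripped by the caller) and the MIME type, because a descriptor can be
    served from a URL that does not end in .jnlp.
    """
    mime = content_type.split(";", 1)[0].strip().lower()
    return url_path.lower().endswith(".jnlp") or mime == JNLP_MIME

def find_untrusted_jnlp(log_text, approved=APPROVED_JNLP_HOSTS):
    """Return one alert dict per JNLP fetch from a host not in `approved`."""
    alerts = []
    for line in log_text.splitlines():
        try:
            fields = shlex.split(line)  # keeps the quoted content-type together
        except ValueError:
            continue                    # unbalanced quotes: skip malformed line
        if len(fields) != 6:
            continue
        ts, client, _method, url, _status, ctype = fields
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if is_jnlp(parts.path, ctype) and host not in approved:
            alerts.append({"time": ts, "client": client, "host": host, "url": url})
    return alerts

if __name__ == "__main__":
    for alert in find_untrusted_jnlp(SAMPLE_LOG):
        print("ALERT untrusted JNLP fetch:", alert)
```
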

Advisories

No advisories yet.

History

Thu, 22 Jan 2026 23:00:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:sap:introscope_enterprise_manager:10.8:*:*:*:*:*:*:*

Tue, 13 Jan 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 13 Jan 2026 09:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sap, Sap introscope Enterprise Manager
Vendors & Products | | Sap, Sap introscope Enterprise Manager

Tue, 13 Jan 2026 01:45:00 +0000

Type | Values Removed | Values Added
Description | | Due to the use of a vulnerable third-party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public-facing URL. When a victim clicks on the URL, the accessed Wily Introscope Server could execute OS commands on the victim's machine. This could completely compromise the confidentiality, integrity and availability of the system.
Title | | Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)
Weaknesses | | CWE-94
References | |
Metrics | | cvssV3_1 {'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2026-01-13T14:45:07.723Z

Reserved: 2025-12-09T22:06:41.322Z

Link: CVE-2026-0500

Vulnrichment

Updated: 2026-01-13T14:45:04.536Z

NVD

Status: Analyzed

Published: 2026-01-13T02:15:52.633

Modified: 2026-01-22T18:47:22.450

Link: CVE-2026-0500

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T16:30:05Z

Weaknesses