Description
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.
Published: 2026-02-10
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Open Redirect
Action: Patch
AI Analysis

Impact

The vulnerability affects the Business Services Portal (BSP) applications within SAP Document Management System. An unauthenticated user can modify URL parameters that the application does not validate, which allows the attacker to force a client browser to redirect to an attacker‑controlled website. This does not compromise the application’s availability; the impact is limited to a low effect on confidentiality and integrity, through potential phishing or drive‑by compromise.

Affected Systems

SAP Document Management System versions 600, 602, 603, 604, 605, 606, and 617, as well as SAP ERP 618 and SAP S4Core 102 through 108, are all affected. Any installation that has not applied the latest security updates to its BSP components remains vulnerable.

Risk and Exploitability

With a CVSS score of 6.1, the flaw is classified as medium severity, and the EPSS score indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires no privileged access; a crafted link with altered query parameters is sufficient, making the attack straightforward for an unauthenticated attacker.

Generated by OpenCVE AI on April 18, 2026 at 12:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the SAP security update referenced in SAP Note 3678417 and the SAP Security Patch Day to upgrade the affected BSP components.
  • Verify that all user‑controlled URL parameters in the BSP applications are required to go through strict validation and encoding steps before being used in redirects.
  • Perform a focused vulnerability review or penetration test on the BSP URL handling logic to confirm that the open redirect issue has been fully remediated.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Sap
Sap document Management System
Sap erp
Sap s4core
CPEs cpe:2.3:a:sap:document_management_system:600:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_management_system:602:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_management_system:603:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_management_system:604:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_management_system:605:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_management_system:606:*:*:*:*:*:*:*
cpe:2.3:a:sap:document_management_system:617:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp:618:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:108:*:*:*:*:*:*:*
Vendors & Products Sap
Sap document Management System
Sap erp
Sap s4core

Tue, 10 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Sap Se
Sap Se sap Document Management System
Vendors & Products Sap Se
Sap Se sap Document Management System

Tue, 10 Feb 2026 03:45:00 +0000

Type Values Removed Values Added
Description The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.
Title Multiple vulnerabilities in BSP Applications of SAP Document Management System
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2026-02-10T16:28:31.245Z

Reserved: 2025-12-09T22:06:45.302Z

Link: CVE-2026-0505

Vulnrichment

Updated: 2026-02-10T16:28:27.821Z

NVD

Status: Analyzed

Published: 2026-02-10T04:16:02.030

Modified: 2026-02-17T16:06:27.080

Link: CVE-2026-0505

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T13:00:08Z

Weaknesses