CVE-2026-0504Improper Neutralization of Special Elements in Data Query Logic in SE SAP Identity Management

CWE-943Improper Neutralization of Special Elements in Data Query Logic3 documents3 sources
Severity
3.8LOWNVD
EPSS
0.0%
top 88.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Identity Management
Timeline
PublishedJan 13

Description

Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited disclosure or modification of data, resulting in low impact on confidentiality and integrity, with no impact on application availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.5

Affected Packages1 packages

CVEListV5sap_se/sap_identity_managementIDMIC 8.0, IDM_CLM_REST_API 8.0+1

🔴Vulnerability Details

2
GHSA
GHSA-jm7g-m582-79q7: Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malic2026-01-13
CVEList
Insufficient Input Handling in JNDI Operations of SAP Identity Management2026-01-13
CVE-2026-0504 — LOW severity | cvebase