Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)

9.6 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope Server could execute OS commands on the victim's machine. This could completely compromising confidentiality, integrity and availability of the system.

AI Analysis

Remote code execution vulnerability in SAP Wily Introscope Enterprise Manager (WorkStation) due to a vulnerable third-party component, allowing unauthenticated attackers to execute OS commands on the victim's machine.

Basic Information

ID CVE-2026-0500

Source sap

Published Jan 13, 2026 at 01:13

Affected Product

Vendor SAP_SE

Product SAP Wily Introscope Enterprise Manager (WorkStation)

Version WILY_INTRO_ENTERPRISE 10.8

Affected Versions SAP_SE SAP Wily Introscope Enterprise Manager (WorkStation) WILY_INTRO_ENTERPRISE 10.8

CWE Classification

CWE-94

AI Assessment

AI Score 9.6 / 10

AI Severity Critical

Vendor SAP

Product Wily Introscope Enterprise Manager (WorkStation)

Version WILY_INTRO_ENTERPRISE 10.8

References

{
    "lastseen": "",
    "description": "Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope Server could execute OS commands on the victim's machine. This could completely compromising confidentiality, integrity and availability of the system.",
    "published": "2026-01-13T01:13:57.659Z",
    "modified": "2026-01-13T01:13:57.659Z",
    "type": "cve",
    "title": "Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3668679\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-0500",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Wily Introscope Enterprise Manager (WorkStation) WILY_INTRO_ENTERPRISE 10.8",
    "sourceHref": "",
    "cvss": {
        "score": 9.6,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Wily Introscope Enterprise Manager (WorkStation)",
    "version": "WILY_INTRO_ENTERPRISE 10.8",
    "vendor": "SAP_SE",
    "ai_description": "Remote code execution vulnerability in SAP Wily Introscope Enterprise Manager (WorkStation) due to a vulnerable third-party component, allowing unauthenticated attackers to execute OS commands on the victim's machine.",
    "ai_severity": "Critical",
    "ai_vendor": "SAP",
    "ai_product": "Wily Introscope Enterprise Manager (WorkStation)",
    "ai_version": "WILY_INTRO_ENTERPRISE 10.8",
    "ai_score": 9.6
}

Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)_CVE-2026-0500