CVE-2026-0504

Insufficient Input Handling in JNDI Operations of SAP Identity Management

Description

Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited disclosure or modification of data, resulting in low impact on confidentiality and integrity, with no impact on application availability.

INFO

Published Date :

2026-01-13T01:14:27.040Z

Last Modified :

2026-01-13T01:14:27.040Z

Source :

sap

AFFECTED PRODUCTS

The following products are affected by CVE-2026-0504 vulnerability.

Vendors	Products
Sap	Identity Management

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-0504.

URL	Resource
https://me.sap.com/notes/3657998
https://url.sap/sapsecuritypatchday

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact