プラットフォーム
sap
コンポーネント
sap-wily-introscope-enterprise-manager-workstation
修正版
10.8.1
CVE-2026-0500 is a critical Remote Code Execution (RCE) vulnerability affecting SAP Wily Introscope Enterprise Manager (WorkStation). This vulnerability allows an unauthenticated attacker to execute arbitrary operating system commands on the victim's machine through a crafted JNLP file. The vulnerability impacts versions 10.8 of the product and is resolved in version 10.8.1.
The impact of CVE-2026-0500 is severe. A successful exploit allows an attacker to gain complete control over the affected system. This includes the ability to read, modify, and delete sensitive data, install malware, and potentially pivot to other systems within the network. The attack vector involves crafting a malicious JNLP file and hosting it on a publicly accessible URL. When a user clicks on this URL, the Wily Introscope Server executes the attacker's commands, leading to full system compromise. This resembles previous JNLP-based exploitation techniques, highlighting the potential for widespread impact if unpatched systems remain exposed.
CVE-2026-0500 was publicly disclosed on January 13, 2026. Its criticality (CVSS 9.6) and the ease of exploitation (requiring no authentication) suggest a high probability of exploitation. While no public proof-of-concept (PoC) has been released at the time of writing, the vulnerability's nature makes it a likely candidate for exploitation in the wild. It is recommended to prioritize patching to prevent potential compromise.
Organizations utilizing SAP Wily Introscope Enterprise Manager (WorkStation) version 10.8, particularly those with publicly accessible instances or those lacking robust network segmentation, are at significant risk. Shared hosting environments where multiple users share the same Wily Introscope Server are also particularly vulnerable.
• linux / server: Monitor system logs (journalctl) for unusual Java process activity or attempts to execute commands via JNLP.
journalctl -u java -g 'JNLP'• generic web: Use curl to check for publicly accessible JNLP files.
curl -I https://<your_wily_server>/<potential_jnlp_path>.jnlp• sap: Review SAP security audit logs for suspicious activity related to the Wily Introscope Server.
disclosure
エクスプロイト状況
EPSS
0.12% (31% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation for CVE-2026-0500 is to immediately upgrade SAP Wily Introscope Enterprise Manager (WorkStation) to version 10.8.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the Wily Introscope Server through a Web Application Firewall (WAF) or proxy, blocking access to potentially malicious JNLP files. Monitor network traffic for suspicious JNLP file downloads and execution attempts. Review and restrict user permissions to minimize the potential impact of a successful exploit.
SAPのノート3668679で提供されているセキュリティアップデートを適用してください。これにより、サードパーティコンポーネントの脆弱性が修正され、リモートコード実行が防止されます。詳細な適用手順については、SAPのドキュメントを参照してください。
脆弱性分析と重要アラートをメールでお届けします。
CVE-2026-0500 is a critical Remote Code Execution vulnerability in SAP Wily Introscope Enterprise Manager (WorkStation) allowing attackers to execute OS commands via a malicious JNLP file.
Yes, if you are running SAP Wily Introscope Enterprise Manager (WorkStation) version 10.8, you are affected by this vulnerability.
Upgrade to version 10.8.1 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like WAF rules.
While no public exploit is currently available, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation in the wild.
Refer to the official SAP Security Advisory for detailed information and remediation steps: [https://www.sap.com/security/bulletins.html](https://www.sap.com/security/bulletins.html)