平台
sap
组件
sap-wily-introscope-enterprise-manager-workstation
修复版本
10.8.1
CVE-2026-0500 is a critical Remote Code Execution (RCE) vulnerability affecting SAP Wily Introscope Enterprise Manager (WorkStation). This vulnerability allows an unauthenticated attacker to execute arbitrary operating system commands on the victim's machine through a crafted JNLP file. The vulnerability impacts versions 10.8 of the product and is resolved in version 10.8.1.
The impact of CVE-2026-0500 is severe. A successful exploit allows an attacker to gain complete control over the affected system. This includes the ability to read, modify, and delete sensitive data, install malware, and potentially pivot to other systems within the network. The attack vector involves crafting a malicious JNLP file and hosting it on a publicly accessible URL. When a user clicks on this URL, the Wily Introscope Server executes the attacker's commands, leading to full system compromise. This resembles previous JNLP-based exploitation techniques, highlighting the potential for widespread impact if unpatched systems remain exposed.
CVE-2026-0500 was publicly disclosed on January 13, 2026. Its criticality (CVSS 9.6) and the ease of exploitation (requiring no authentication) suggest a high probability of exploitation. While no public proof-of-concept (PoC) has been released at the time of writing, the vulnerability's nature makes it a likely candidate for exploitation in the wild. It is recommended to prioritize patching to prevent potential compromise.
Organizations utilizing SAP Wily Introscope Enterprise Manager (WorkStation) version 10.8, particularly those with publicly accessible instances or those lacking robust network segmentation, are at significant risk. Shared hosting environments where multiple users share the same Wily Introscope Server are also particularly vulnerable.
• linux / server: Monitor system logs (journalctl) for unusual Java process activity or attempts to execute commands via JNLP.
journalctl -u java -g 'JNLP'• generic web: Use curl to check for publicly accessible JNLP files.
curl -I https://<your_wily_server>/<potential_jnlp_path>.jnlp• sap: Review SAP security audit logs for suspicious activity related to the Wily Introscope Server.
disclosure
漏洞利用状态
EPSS
0.12% (31% 百分位)
CISA SSVC
CVSS 向量
The primary mitigation for CVE-2026-0500 is to immediately upgrade SAP Wily Introscope Enterprise Manager (WorkStation) to version 10.8.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the Wily Introscope Server through a Web Application Firewall (WAF) or proxy, blocking access to potentially malicious JNLP files. Monitor network traffic for suspicious JNLP file downloads and execution attempts. Review and restrict user permissions to minimize the potential impact of a successful exploit.
根据 SAP 笔记 3668679 应用 SAP 提供的安全更新。这将修复第三方组件中的漏洞并防止远程代码执行。请参阅 SAP 文档以获取有关如何应用更新的详细说明。
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2026-0500 is a critical Remote Code Execution vulnerability in SAP Wily Introscope Enterprise Manager (WorkStation) allowing attackers to execute OS commands via a malicious JNLP file.
Yes, if you are running SAP Wily Introscope Enterprise Manager (WorkStation) version 10.8, you are affected by this vulnerability.
Upgrade to version 10.8.1 or later to remediate the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like WAF rules.
While no public exploit is currently available, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation in the wild.
Refer to the official SAP Security Advisory for detailed information and remediation steps: [https://www.sap.com/security/bulletins.html](https://www.sap.com/security/bulletins.html)