medium2026-06-09SAP Solution ManagerCVE-2026-44757

XSS via URL Parameter Encoding in SAP Wily Introscope Enterprise Manager

SAP Wily Introscope Enterprise Manager

Our Take

Wily Introscope is an APM tool used primarily by BASIS and development teams — limited attack surface. Medium severity and narrow audience. Include in your next Solution Manager maintenance cycle.

Vulnerability Detail

Cross-site scripting vulnerability in SAP Wily Introscope Enterprise Manager triggered via malicious URL parameter encoding. An attacker who can trick an authenticated user into visiting a crafted URL can execute scripts in the victim's browser context within the Introscope management console.

Patch Action

Apply SAP Note 3715280.

Affected Versions

SEM-WLY — see SAP Note for specific Introscope versions

Patch Info

CVSS Score

4.7

SAP Note

3715280 ↗

CVE

CVE-2026-44757

Published

2026-06-09

All content is editorial summary, not professional security advice. CVSS scores and SAP Note IDs are factual references. Patch timing is the responsibility of your security team based on your environment and SAP's official guidance.

← All patches