Weakness in Cryptographic Algorithm of User Management Engine in NetWeaver Application Server for Java
CVE-2026-0510

3LOW

Key Information:

Vendor

SAP
Status
Nw As Java Ume User Mapping
Vendor
CVE Published:
13 January 2026

What is CVE-2026-0510?

The User Management Engine (UME) in the NetWeaver Application Server for Java employs an outdated cryptographic algorithm for encrypting User Mapping data. This vulnerability can be exploited by an attacker with high-privileged access, under specific conditions, potentially leading to a partial disclosure of sensitive data. While the impact on confidentiality is limited, the integrity and availability of the application remain unaffected. Organizations using this software should assess their systems and apply necessary security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

NW AS Java UME User Mapping ENGINEAPI 7.50

NW AS Java UME User Mapping SERVERCORE 7.50

NW AS Java UME User Mapping UMEADMIN 7.50

References

https://me.sap.com/notes/3593356
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.