Reflected Cross-Site Scripting Vulnerability in SAP NetWeaver JAVA
CVE-2026-44746

6.1MEDIUM

Key Information:

Vendor

SAP

Vendor
CVE Published:
9 June 2026

What is CVE-2026-44746?

A reflected cross-site scripting vulnerability exists in SAP NetWeaver JAVA's JDBC Test Servlet that enables unauthenticated attackers to craft malicious URLs. Clicking such a link triggers the execution of harmful scripts within the victim's browser, potentially compromising sensitive information and altering the integrity of the web application while leaving its availability intact. This vulnerability highlights the importance of sanitizing user inputs to prevent malicious exploitation.

Affected Version(s)

SAP NetWeaver AS Java (JDBC Test Servlet) BI_UDI 7.50

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.