Cross-Site Scripting (XSS) vulnerability in SAP Wily Introscope Enterprise Manager
CVE-2026-44757

4.7MEDIUM

Key Information:

Vendor: SAP
Status: SAP Wily Introscope Enterprise Manager
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-44757?

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user�s browser within the context of the application. This issue has a low impact on the confidentiality and integrity of the application with no impact on availability.

Affected Version(s)

SAP Wily Introscope Enterprise Manager WILY_INTRO_ENTERPRISE 10.8

References

https://me.sap.com/notes/3715280

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44757 Data

JSON