Business Connector
CVE-2026-0514
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, impacting confidentiality and integrity, with no effect on availability.
AnalysisAI
Reflected XSS in SAP Business Connector enables unauthenticated attackers to craft malicious links that redirect users to attacker-controlled sites, potentially compromising webclient confidentiality and integrity when victims click the link. The vulnerability requires user interaction and has no available patch, making client-side awareness critical for mitigation.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Business Connector. Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, impacting confidentiality and integrity, with no effect on availability.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
More in Business Connector
View allDue to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adja
Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL
Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative ac
Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today