Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3838 articles · 175945 vulns · 37/41 feeds (7d)
← Back to list
8.2
CVE-2026-44752EXPLOITED
sap · sap netweaver application server java(configuration wizard)

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)

Description

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data displayed in the client�s browser. This results in a high impact on confidentiality, low impact on integrity with no impact on availability of the application.

Affected Products

VendorProductVersions
sapsap netweaver application server java(configuration wizard)LMCTC 7.50

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
sapsap softwarecert_advisory90%

References

  • https://me.sap.com/notes/3748227
  • https://url.sap/sapsecuritypatchday

Related News (3 articles)

Tier B
BSI Advisories11h ago
[NEU] [hoch] SAP Patch Day Juli 2026
→ No new info (linked only)
Tier D
Heise Security13h ago
SAP-Patchday: Teils kritische Sicherheitslücken in mehreren Produkten gefixt
→ No new info (linked only)
Tier C
VulDB21h ago
CVE-2026-44752 | SAP NetWeaver Application Server Java LMCTC 7.50 URL injection
→ No new info (linked only)
CVSS 3.18.2 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
CISA KEV❌ No
Actively exploited✅ Yes
CWECWE-79
PublishedJul 14, 2026
Last enriched20h agov2
Trending Score59
Source articles3
Independent3
Info Completeness8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-44747EXP
Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP
Trending: 75
CRITICALCVE-2026-44761EXP
Insecure Sample Credentials in SAP Commerce Cloud
Trending: 61
CRITICALCVE-2026-44745EXP
Open Redirect vulnerability in SAP Approuter
Trending: 61
CRITICALCVE-2026-40128
Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container)
Trending: 59
CRITICALCVE-2026-27690
HTTP Request Smuggling in SAP Approuter
Trending: 51

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: severity, activelyExploited
Jul 14, 2026
Actively Exploited
Jul 14, 2026

Version History

v2
Last enriched 20h ago
v2Tier C20h ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited
via VulDB
v120h ago

Initial creation