CVE-2026-0504 is a vulnerability classified under CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) affecting SAP Identity Management REST interface versions IDM_CLM_REST_API 8.0 and IDMIC 8.0. The issue arises from insufficient input handling in the REST API, where specially crafted malicious requests submitted by authenticated administrators are processed by Java Naming and Directory Interface (JNDI) operations without adequate neutralization of special elements. This improper neutralization can lead to limited unauthorized disclosure or modification of data within the SAP Identity Management system. The vulnerability does not impact application availability. The CVSS 3.1 base score is 3.8 (low), reflecting that exploitation requires network access, low attack complexity, and high privileges (authenticated administrator), with no user interaction needed. The scope is unchanged, and the impact affects confidentiality and integrity to a limited extent. No patches are currently linked, and no known exploits have been reported in the wild. The vulnerability highlights the risk of insufficient input validation in critical identity management components, potentially allowing malicious administrators to manipulate data queries and affect sensitive identity data integrity and confidentiality.

For European organizations, the impact of CVE-2026-0504 is primarily on the confidentiality and integrity of identity management data within SAP Identity Management systems. Although the severity is low, unauthorized modification or disclosure of identity data can have cascading effects on access control, user provisioning, and compliance with data protection regulations such as GDPR. Organizations relying heavily on SAP Identity Management for critical identity lifecycle management may face risks of insider threats or compromised administrative accounts exploiting this vulnerability. The lack of availability impact reduces the risk of operational disruption, but data integrity issues could undermine trust in identity data and lead to privilege escalation or unauthorized access if combined with other vulnerabilities. Given the requirement for authenticated administrator privileges, the threat is mitigated by strong administrative access controls but remains a concern for environments with insufficient segregation of duties or weak credential management.

To mitigate CVE-2026-0504, European organizations should implement the following specific measures: 1) Enforce strict input validation and sanitization on all REST API requests, particularly those involving JNDI operations, to neutralize special characters and prevent injection attacks. 2) Restrict and monitor administrative access to SAP Identity Management REST interfaces, ensuring that only authorized personnel with a legitimate need have high-privilege accounts. 3) Implement robust logging and anomaly detection on REST API usage to identify suspicious or unusual administrative activities. 4) Apply the principle of least privilege and segregate duties among administrators to reduce the risk of malicious exploitation. 5) Regularly review and update SAP Identity Management configurations and access controls to align with security best practices. 6) Stay informed about SAP security advisories and apply patches promptly once available for this vulnerability. 7) Conduct periodic security assessments and penetration testing focusing on identity management components to detect potential weaknesses. These targeted actions go beyond generic advice by focusing on the REST API input handling, administrative access governance, and proactive monitoring.