SAP Identity Management
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in SAP Identity Management.
By the Year
In 2026 there have been 1 vulnerability in SAP Identity Management with an average score of 3.8 out of ten. Identity Management did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 3.80 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 0.00 |
| 2019 | 1 | 8.80 |
| 2018 | 2 | 5.35 |
It may take a day or so for new Identity Management vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SAP Identity Management Security Vulnerabilities
SAP IDM REST JNDI RCE via Malicious Input
CVE-2026-0504
3.8 - Low
- January 13, 2026
Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. This may lead to limited disclosure or modification of data, resulting in low impact on confidentiality and integrity, with no impact on application availability.
Improper Neutralization of Special Elements in Data Query Logic
SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user
CVE-2020-6258
- May 12, 2020
SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check.
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2
CVE-2019-0301
8.8 - High
- May 14, 2019
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.
Improper Privilege Management
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted
CVE-2018-2416
5.4 - Medium
- May 09, 2018
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source.
Improper Input Validation
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII)
CVE-2018-2417
5.3 - Medium
- May 09, 2018
Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SAP Identity Management or by SAP? Click the Watch button to subscribe.
