SAP Supplier Relationship Management vulnerabilities

9 known vulnerabilities affecting sap/supplier_relationship_management.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 7

Vulnerabilities

CVE-2026-0513 | MEDIUM | CVSS 4.7 | affected versions 700, 701, +3 more | published 2026-01-13
CWE-601: Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site. This causes low impact on integrity of the application. Confidentiality and availability are not impacted.
Source: NVD
CVE-2025-42920 | MEDIUM | CVSS 6.1 | affected version 7.0 | published 2025-09-09
CWE-79: Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim clicks on the link, the injected input is processed during the page generation, resulting in the execution of malicious content. This exe
Source: NVD
CVE-2025-30012 | CRITICAL | CVSS 9.8 | affected version 7.14 | published 2025-05-13
CWE-502: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component, which allows an unauthenticated attacker to send a malicious payload request in a specific encoding format. The servlet will then decode this malicious request, which will result in deserialization of data in the application leading to exec
Source: NVD
CVE-2025-30018 | HIGH | CVSS 7.5 | affected version 7.14 | published 2025-05-13
CWE-611: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which, when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and
Source: NVD
CVE-2025-30010 | MEDIUM | CVSS 6.1 | affected version 7.14 | published 2025-05-13
CWE-601: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages, which allows an unauthenticated attacker to craft a malicious link which, when clicked by a victim, redirects the browser to a malicious site. On successful exploitation, the attacker could cause low impact
Source: NVD
CVE-2025-30009 | MEDIUM | CVSS 6.1 | affected version 7.14 | published 2025-05-13
CWE-79: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages, which allows an unauthenticated attacker to execute malicious script in the victim's browser. This vulnerability has low impact on confidentiality and integrity within the scope of that victim's browser, with n
Source: NVD
CVE-2025-30011 | MEDIUM | CVSS 5.3 | affected version 7.14 | published 2025-05-13
CWE-497: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages, which allows an unauthenticated attacker to send a malicious request to the application, which could disclose the internal version details of the affected system. This vulnerability has low impact on confid
Source: NVD
CVE-2023-39436 | MEDIUM | CVSS 5.8 | affected versions 600, 602, +6 more | published 2023-08-08
CWE-306: SAP Supplier Relationship Management, versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within the Vendor Master Data for Business Partners replication functionality. This information could be used to allow the attacker to specialize their attacks against SRM.
Source: NVD
CVE-2019-0361 | MEDIUM | CVSS 6.1 | affected versions 3.73, 7.31, +1 more | published 2019-09-10
CWE-79: SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
Source: NVD