CVE-2026-0513

Summary

Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application. Confidentiality and availability are not impacted.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Supplier Relationship Management (SICF Handler in SRM Catalog)SRM_SERVER 700affected
SAP_SESAP Supplier Relationship Management (SICF Handler in SRM Catalog)701affected
SAP_SESAP Supplier Relationship Management (SICF Handler in SRM Catalog)702affected
SAP_SESAP Supplier Relationship Management (SICF Handler in SRM Catalog)713affected
SAP_SESAP Supplier Relationship Management (SICF Handler in SRM Catalog)714affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References