SAP

Supplier Relationship Management

12 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.1%
  • Published 09.09.2025 02:15:40
  • Last modified 09.09.2025 16:28:43

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim clicks on the link, the injected in...

Media report
  • EPSS 0.2%
  • Published 13.05.2025 00:19:01
  • Last modified 13.05.2025 19:35:18

SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the a...

Media report
  • EPSS 0.11%
  • Published 13.05.2025 00:16:20
  • Last modified 13.05.2025 19:35:25

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which, when parsed, enables the attacker to access sensitive files and data. Thi...

  • EPSS 0.28%
  • Published 13.05.2025 00:14:21
  • Last modified 07.07.2025 15:15:24

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component, which allows an unauthenticated attacker to send a malicious payload request in a specific encoding format. The servlet will then decode thi...

  • EPSS 0.07%
  • Published 13.05.2025 00:13:16
  • Last modified 13.05.2025 19:35:25

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to send a malicious request to the application, which could disc...

  • EPSS 0.15%
  • Published 13.05.2025 00:13:04
  • Last modified 13.05.2025 19:35:25

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redire...

  • EPSS 0.21%
  • Published 13.05.2025 00:12:52
  • Last modified 13.05.2025 19:35:25

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim's browser. This vulnerab...

  • EPSS 0.41%
  • Published 11.02.2025 01:15:12
  • Last modified 18.02.2025 18:15:35

SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction. This can reveal highly sensitive...

  • EPSS 0.17%
  • Published 08.08.2023 01:15:19
  • Last modified 21.11.2024 08:15:25

SAP Supplier Relationship Management, versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality. This information ...

  • EPSS 0.31%
  • Published 10.09.2019 17:15:11
  • Last modified 21.11.2024 04:16:44

SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.