VYPR

SRM-MDM Catalog

by SAP

CVEs (3)

  • CVE-2018-2449 | High | Aug 14, 2018
    risk 0.56 | cvss 8.6 | epss 0.02

    SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 (in SAP NetWeaver 7.3): the import functionality does not perform authentication checks for a valid repository user. This is unauthenticated functionality that can be used on Windows machines to do SMB relaying.

  • CVE-2018-2448 | Medium | Aug 14, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted.

  • CVE-2019-0361 | Sep 10, 2019
    risk 0.00 | cvss | epss 0.01

    SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.