VYPR

Supplier Relationship Management

by SAP

CVEs (15)

  • CVE-2025-42910 (Critical) Oct 14, 2025
    risk 0.59 | cvss 9.0 | epss 0.00

    Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables that might be downloaded and executed by a user and could host malware. On successful…

  • CVE-2025-25243 (High) Feb 11, 2025
    risk 0.56 | cvss 8.6 | epss 0.01

    SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction. This can reveal highly sensitive information with no impact…

  • CVE-2018-2449 (High) Aug 14, 2018
    risk 0.56 | cvss 8.6 | epss 0.02

    SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 (in SAP NetWeaver 7.3): the import functionality does not perform authentication checks for a valid repository user. This unauthenticated functionality can be used against Windows machines for SMB relaying.

  • CVE-2026-0512 (Medium) Apr 14, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's…

  • CVE-2025-43006 (Medium) May 13, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the…

  • CVE-2026-0513 Jan 13, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site. This causes low impact on integrity…

  • CVE-2025-42920 Sep 9, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim clicks on the link, the injected input is processed during the…

  • CVE-2025-30018 May 13, 2025
    risk 0.00 | cvss n/a | epss 0.00

    The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high…

  • CVE-2025-30012 May 13, 2025
    risk 0.00 | cvss n/a | epss 0.01

    The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to send a malicious payload request in a specific encoding format. The servlet will then decode this malicious request, which…

  • CVE-2025-30011 May 13, 2025
    risk 0.00 | cvss n/a | epss 0.00

    The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send a malicious request to the application, which could disclose the internal version…

  • CVE-2025-30010 May 13, 2025
    risk 0.00 | cvss n/a | epss 0.00

    The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a…

  • CVE-2025-30009 May 13, 2025
    risk 0.00 | cvss n/a | epss 0.00

    The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim's browser. This vulnerability has low impact on…

  • CVE-2023-39436 Aug 8, 2023
    risk 0.00 | cvss n/a | epss 0.00

    SAP Supplier Relationship Management versions 600, 602, 603, 604, 605, 606, 616, 617 allows an unauthorized attacker to discover information relating to SRM within the Vendor Master Data for Business Partners replication functionality. This information could be used to allow the…

  • CVE-2014-4161 Jun 13, 2014
    risk 0.00 | cvss n/a | epss 0.01

    Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter.

  • CVE-2014-4159 Jun 13, 2014
    risk 0.00 | cvss n/a | epss 0.01

    Open redirect vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
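
The root cause named for CVE-2025-42910 is an upload path that trusts the file's declared type. The check below is an added example written for this page, not SAP's code and not derived from the patch; the extension allowlist, magic-byte table and sample bytes are constructed for illustration. The point it makes is that the client-supplied name only selects which byte-level check to run, and content that starts with an executable signature is refused whatever the name says.

```python
# Added example (not SAP code): file-type verification for an upload handler.
# The allowlist, signature table and sample inputs are constructed.
ALLOWED_TYPES = {
    # extension -> magic-byte prefixes the content must start with
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".csv": (),  # text: validated by decoding instead of by signature
}

# Content that is never accepted, whatever the declared name or type says.
EXECUTABLE_MAGIC = (
    b"MZ",                 # Windows PE / DOS executables
    b"\x7fELF",            # ELF binaries
    b"#!",                 # shebang scripts
    b"\xca\xfe\xba\xbe",   # Java class files (also Mach-O fat binaries)
)


class UploadRejected(ValueError):
    pass


def validate_upload(filename: str, content: bytes) -> str:
    """Return the accepted extension or raise UploadRejected.

    The client-supplied name is only used to pick which byte-level check
    applies; the bytes decide. Path components are discarded so a name like
    '../../x.pdf' cannot steer where the file is stored."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in name or name.startswith("."):
        raise UploadRejected("missing extension")
    ext = "." + name.rsplit(".", 1)[1].lower()   # last extension wins: 'x.pdf.exe' -> '.exe'
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension not allowed: {ext}")
    for magic in EXECUTABLE_MAGIC:
        if content.startswith(magic):
            raise UploadRejected(f"executable content disguised as {ext}")
    if not content:
        raise UploadRejected("empty file")
    expected = ALLOWED_TYPES[ext]
    if expected:
        if not any(content.startswith(magic) for magic in expected):
            raise UploadRejected(f"content does not match the {ext} signature")
    else:
        if b"\x00" in content:
            raise UploadRejected("text upload contains NUL bytes")
        try:
            content.decode("utf-8")
        except UnicodeDecodeError:
            raise UploadRejected("text upload is not valid UTF-8") from None
    return ext


def check_upload(filename: str, content: bytes) -> tuple[bool, str]:
    """Verdict form of validate_upload for callers that log rather than raise."""
    try:
        return True, validate_upload(filename, content)
    except UploadRejected as exc:
        return False, str(exc)
```

Signature checks only prove the first bytes; a PDF or PNG that is also a valid ZIP or script elsewhere in the file still passes, so store accepted uploads under a server-generated name, outside any web root, and serve them with a fixed Content-Type and Content-Disposition: attachment rather than executing or inlining them.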
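
CVE-2025-25243 (a servlet that downloads an arbitrary file) and CVE-2018-2449 (an import function that can be pointed at an attacker's SMB share for relaying) are both the same failure from the server's side: a user-supplied path is opened without being confined to the intended directory. The function below is an added example, not SAP's code; the base directory and requested paths are constructed. It refuses traversal, absolute paths, drive letters, URL schemes and UNC paths, so the server never authenticates to a remote share on a client's say-so.

```python
import posixpath
import re
from urllib.parse import unquote

# Added example (not SAP code). Rejects every form of path that would let a
# file-download or import parameter reach outside the intended directory or
# make the server open a UNC share on an attacker's host.

_DRIVE_OR_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")


class PathRejected(ValueError):
    pass


def confine_path(base_dir: str, requested: str) -> str:
    """Map an untrusted relative path onto base_dir, or raise PathRejected.

    Purely lexical so it runs offline; on a real filesystem, resolve the
    result with os.path.realpath as well and repeat the prefix check, so
    symlinks cannot escape either."""
    # Assumption: the servlet container has already URL-decoded the value once;
    # decoding again catches double-encoded '%252e%252e' traversal.
    requested = unquote(requested)
    if "\x00" in requested:
        raise PathRejected("NUL byte in path")
    candidate = requested.replace("\\", "/")   # treat Windows separators like '/'
    if candidate.startswith("//"):
        raise PathRejected("UNC path: server would authenticate to a remote SMB share")
    if candidate.startswith("/"):
        raise PathRejected("absolute path")
    if _DRIVE_OR_SCHEME.match(candidate):
        raise PathRejected("drive letter or URL scheme")
    norm = posixpath.normpath(candidate)
    if norm in (".", "..") or norm.startswith("../"):
        raise PathRejected("path escapes base directory")
    base = posixpath.normpath(base_dir)
    full = posixpath.normpath(posixpath.join(base, norm))
    if posixpath.commonpath([base, full]) != base:
        raise PathRejected("resolved path is outside base directory")
    return full


def check_path(base_dir: str, requested: str) -> tuple[bool, str]:
    """Verdict form: (True, confined path) or (False, reason)."""
    try:
        return True, confine_path(base_dir, requested)
    except PathRejected as exc:
        return False, str(exc)
```

For an import feature the stronger fix is to not accept a path at all: take an identifier, look the file up in a server-side table, and require the repository user to be authenticated before the lookup runs, which is the missing check the CVE-2018-2449 text describes.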
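
Four entries on this page are the same parameter-handling mistake: a URL taken from the request is either used as a redirect target (CVE-2014-4159, CVE-2026-0513, CVE-2025-30010) or reflected into the page unescaped (CVE-2014-4161). The handler below is an added example written for this page, not SAP's la/umTestSSO.jsp; only the page path and the url parameter name come from the CVE text, and the HTML it renders is constructed. It reduces the parameter to a same-origin path, rejecting the protocol-relative, backslash and scheme tricks that slip past a naive "does not start with http" check, and escapes the value before reflecting it.

```python
import html
from urllib.parse import urlsplit, urlunsplit

# Added example (not SAP code). The page path and parameter name are taken
# from the CVE descriptions; the handler itself is constructed for illustration.


def safe_redirect_target(url_param: str, default: str = "/") -> str:
    """Return a same-origin path derived from url_param, or default."""
    if not url_param or any(ch in url_param for ch in "\r\n\x00"):
        return default                          # header injection / NUL
    candidate = url_param.strip().replace("\\", "/")   # browsers read '\' as '/' here
    if candidate.startswith("//"):
        return default                          # '//evil', '///evil', '/\evil': off-site
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return default                          # http://evil, javascript:, data:
    if not parts.path.startswith("/"):
        return default                          # must be rooted at this origin
    # Rebuild from parsed parts so only path, query and fragment survive.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


def render_sso_test_page(url_param: str) -> str:
    """Reflect the parameter into HTML only after escaping it for attribute and text context."""
    target = safe_redirect_target(url_param)
    safe = html.escape(target, quote=True)
    return (
        "<html><body>"
        f'<p>Continue to <a href="{safe}">{safe}</a></p>'
        f'<form action="/la/umTestSSO.jsp"><input type="hidden" name="url" value="{safe}"></form>'
        "</body></html>"
    )
```

If off-site targets are genuinely needed, replace the path check with an explicit allowlist of hostnames compared against parts.netloc after the same normalisation; matching on a prefix or substring of the string is what produced the bypasses listed above.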
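
CVE-2025-30018 describes a crafted XML file that, when parsed, lets the attacker read sensitive files: the classic XML external entity pattern, where a DOCTYPE declares an entity whose value is fetched from a file or URL. The parser wrapper below is an added example, not SAP's code and not the Live Auction Cockpit's actual handler; the two sample documents are constructed and reproduce no real payload. It aborts on the first DOCTYPE, entity declaration or external entity reference, which removes both file disclosure and entity-expansion denial of service in one step.

```python
import xml.parsers.expat

# Added example (not SAP code). Rejects any XML that carries a DOCTYPE or
# entity declaration before it can be expanded; the sample documents are
# constructed and do not reproduce any real Live Auction Cockpit payload.


class UnsafeXml(ValueError):
    pass


def parse_without_dtd(data: bytes) -> list[tuple[str, dict]]:
    """Parse data and return (element, attributes) pairs in document order.

    Any DOCTYPE, entity declaration or external entity reference aborts the
    parse: with no DTD there is nothing to point at file:// or an internal
    URL, and no entity to expand into a memory-exhausting blob."""
    parser = xml.parsers.expat.ParserCreate()
    elements: list[tuple[str, dict]] = []

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise UnsafeXml(f"DOCTYPE not allowed (name={name!r}, system id={system_id!r})")

    def reject_entity(entity_name, is_parameter, value, base, system_id, public_id, notation):
        raise UnsafeXml(f"entity declaration not allowed: {entity_name!r}")

    def reject_external_ref(context, base, system_id, public_id):
        raise UnsafeXml(f"external entity reference not allowed: {system_id!r}")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external_ref
    parser.StartElementHandler = lambda name, attrs: elements.append((name, dict(attrs)))
    parser.Parse(data, True)   # True: this buffer is the whole document
    return elements


def try_parse(data: bytes) -> tuple[bool, object]:
    """Verdict form: (True, elements) or (False, reason)."""
    try:
        return True, parse_without_dtd(data)
    except (UnsafeXml, xml.parsers.expat.ExpatError) as exc:
        return False, str(exc)


# Constructed samples: a benign bid document and the same document with an
# external entity aimed at a local file.
BENIGN_BID = (
    b'<?xml version="1.0"?>'
    b'<auction id="A-1001"><bid supplier="S-42" amount="9900"/></auction>'
)
XXE_BID = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE auction [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b'<auction id="A-1001"><bid supplier="&xxe;" amount="9900"/></auction>'
)
```

The Live Auction Cockpit is Java, where the equivalent one-line fix on a Xerces-based DocumentBuilderFactory is setFeature("http://apache.org/xml/features/disallow-doctype-decl", true) before any XML from the network is parsed; the Python version above shows the same policy in a form that can be run against the constructed samples.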