CVE-2026-0512

MEDIUM

Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)

Title source: cna

Description

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected.

References (2)

Core 2

Core References

https://me.sap.com/notes/3645228

https://url.sap/sapsecuritypatchday

Scores

CVSS v3 6.1

EPSS 0.0011

EPSS Percentile 28.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (3)

SAP_SE/SAP Supplier Relationship Management (SICF Handler in SRM Catalog) 713

SAP_SE/SAP Supplier Relationship Management (SICF Handler in SRM Catalog) 714

SAP_SE/SAP Supplier Relationship Management (SICF Handler in SRM Catalog) SRM_SERVER 702

Published Apr 14, 2026

Tracked Since Apr 14, 2026