CVE-2026-0513

MEDIUM · CVSS 3.1: 4.7 · EPSS 6.7%
Published Jan 13, 2026 (5mo ago) · Last Modified Jun 17, 2026 (1w ago)

Description

Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site. This causes low impact on the integrity of the application. Confidentiality and availability are not impacted.

CVSS Details

Base Score: 4.7
Exploitability: 2.8
Impact: 1.4
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 6.7% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-601

Affected Products 5

Vendor | Product | Version | Range
sap | supplier_relationship_management | 700 | any
sap | supplier_relationship_management | 701 | any
sap | supplier_relationship_management | 702 | any
sap | supplier_relationship_management | 713 | any
sap | supplier_relationship_management | 714 | any

References 2

  • me.sap.com https://me.sap.com/notes/3638716
    Permissions Required
  • url.sap https://url.sap/sapsecuritypatchday
    Patch, Vendor Advisory

Remediation

  • url.sap https://url.sap/sapsecuritypatchday
    Patch, Vendor Advisory