16 matches found
CVE-2026-0513
Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site. This causes low impact on integrity of the application...
EUVD-2018-14304
Malware in sbrugna...
PT-2025-36552
Name of the Vulnerable Software and Affected Versions: SAP Supplier Relationship Management (affected versions not specified). Description: A Cross-Site Scripting (XSS) vulnerability exists in SAP Supplier Relationship Management. An unauthenticated attacker can create a malicious link and, if clicked...
CVE-2025-30018
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which, when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the...
CVE-2025-30009
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim's browser. This vulnerability has low impact on confidentiality and...
CVE-2025-30011
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to send a malicious request to the application, which could disclose the internal version details of the affected...
CVE-2018-2449
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in SAP NetWeaver 7.3 - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on Windows machines to do SMB relaying...
CVE-2018-2449
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in SAP NetWeaver 7.3 - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on Windows machines to do SMB relaying...
XSS in SAP NetWeaver AS Java SRM
Application: SAP SRM Versions Affected: SAP SRM 701 – 714 Vendor URL: SAP Bug: XSS Reported: 17.05.2017 Vendor response: 18.05.2017 Date of Public Advisory: 08.08.2017 Reference: SAP Security Note 2493099 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS Risk: Medium Impact:...
CVE-2014-4161
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter...
CVE-2014-4159
Open redirect vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter...
Open redirect
Open redirect vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter...
CVE-2014-4161
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter...
CVE-2014-4159
Open redirect vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter...
SAP TesContainerAdmin service - Stored XSS
Application: SAP Cfolders included in: SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms Vendor URL: Bugs: Multiple Stored XSS Risk: High Exploits: YES Reported: 13.05.2011 Vendor response: 14.05.2011 Date of Public Advisory: 20.01.2012 Reference: SAP Security Note 1591749...