CVE-2026-0513
Open Redirect Vulnerability in SAP SRM SICF Handler
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | supplier_relationship_management | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Open Redirect in SAP Supplier Relationship Management (SICF Handler in SRM Catalog). An unauthenticated attacker can create a malicious URL that, when clicked by a victim, redirects them to a site controlled by the attacker. This affects the integrity of the application but does not impact confidentiality or availability.
How can this vulnerability impact me? :
The impact of this vulnerability is low on the integrity of the application. It could potentially be used to redirect users to malicious sites, which might lead to phishing or other social engineering attacks. However, it does not affect the confidentiality or availability of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability causes a low impact on the integrity of the application but does not affect confidentiality or availability. There is no specific information provided about its direct effect on compliance with standards like GDPR or HIPAA.