CVE-2026-0513

Published: Jan 13, 2026Modified: Jan 22, 2026

4.7

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application. Confidentiality and availability are not impacted.

Affected (5)

Products: Sap: Supplier Relationship Management

Sap

1 product

Supplier Relationship Management

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Sap Supplier Relationship Management	Version 700
Sap Supplier Relationship Management	Version 701
Sap Supplier Relationship Management	Version 702
Sap Supplier Relationship Management	Version 713
Sap Supplier Relationship Management	Version 714

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://me.sap.com/notes/3638716

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

PatchVendor Advisory

Timeline

No history available yet.