CVE-2026-0513
Severity CVSS v4.0:
Pending analysis
Type:
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Publication date:
13/01/2026
Last modified:
22/01/2026
Description
Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application. Confidentiality and availability are not impacted.
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:supplier_relationship_management:700:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:supplier_relationship_management:701:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:supplier_relationship_management:702:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:supplier_relationship_management:713:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:supplier_relationship_management:714:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page