SAP Supplier Relationship Management
11 CVEs affecting SAP Supplier Relationship Management. Latest disclosed: 2026-01-13. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-30012 | Critical | 10.0 | 2025-05-13 | The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to sen… |
| CVE-2025-30018 | High | 8.6 | 2025-05-13 | The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a craft… |
| CVE-2025-42920 | Medium | 6.1 | 2025-09-09 | Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and… |
| CVE-2025-30010 | Medium | 6.1 | 2025-05-13 | The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an… |
| CVE-2025-30009 | Medium | 6.1 | 2025-05-13 | The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an… |
| CVE-2019-0361 | Medium | 6.1 | 2019-09-10 | SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-control… |
| CVE-2023-39436 | Medium | 5.8 | 2023-08-08 | SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM… |
| CVE-2025-30011 | Medium | 5.3 | 2025-05-13 | The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an… |
| CVE-2026-0513 | Medium | 4.7 | 2026-01-13 | Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a maliciou… |
| CVE-2014-4161 | | | 2014-06-13 | Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web scri… |
| CVE-2014-4159 | | | 2014-06-13 | Open redirect vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web s… |