CNNVD-202510-2078 Information
CNNVD ID
CNNVD-202510-2078
Related CVE
- CNNVD Published: 2025-10-14
Description (Chinese)
SAP Supplier Relationship Management(SRM)是德国思爱普(SAP)公司的一套供应商关系管理解决方案。该产品实现了企业内以及供应商之间采购和购置流程的自动化,并提供发票开具等功能。 SAP Supplier Relationship Management存在代码问题漏洞,该漏洞源于缺少文件类型或内容验证,可能导致上传任意文件,影响应用程序的机密性、完整性和可用性。
Description (English)
SAP Suplier Relationship Management (SRM) is a supplier relationship management solution for SAP, Germany. The product automates the procurement and acquisition process within the enterprise and between suppliers and provides functions such as invoicing. There is a code gap in SAP Suppleier Relationship Management, which stems from a lack of document type or content validation, which may lead to the uploading of arbitrary files, affecting the confidentiality, integrity and availability of applications.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
思爱普
Published
2025-10-14
Last Modified
2026-02-24
References
https://me.sap.com/notes/3647332 https://url.sap/sapsecuritypatchday https://access.redhat.com/security/cve/cve-2025-42910
Patch
https://www.sap.com/index.html
Share on: