CNNVD-202601-2325 Information
CNNVD ID
CNNVD-202601-2325
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
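SAP Supplier Relationship Management (SRM) is a supplier relationship management solution from the German company SAP. The product automates procurement and purchasing processes within an enterprise and with its suppliers, and provides functions such as invoicing. SAP Supplier Relationship Management has an input validation error vulnerability that stems from an open redirect, which may allow an unauthenticated attacker to craft a malicious URL that redirects a victim to an attacker-controlled site, with low impact on the integrity of the application.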
Description (English)
SAP Supplier Relationship Management (SRM) is a supplier relationship management solution from SAP, a German company. The product automates the procurement and acquisition process within the enterprise and between suppliers, and provides functions such as invoicing. SAP Supplier Relationship Management has an input validation error vulnerability, which stems from an open redirect and may allow unauthenticated attackers to craft malicious URLs that redirect victims to attacker-controlled sites, with low impact on the integrity of the application.
Hazard Level
High
Vulnerability Type
Input validation error
Affected Vendor
SAP
Published
2026-01-13
Last Modified
2026-02-24
References
https://me.sap.com/notes/3638716
https://url.sap/sapsecuritypatchday
Patch
https://url.sap/sapsecuritypatchday