GHSA-p322-q4fj-r244

GHSA-p322-q4fj-r244 PUBLISHED CVSS 6.099999904632568 MEDIUM

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected.

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Timeline

Apr 14, 2026 CVE Published
Apr 14, 2026 CVE Updated
Apr 14, 2026 Security Advisory

References

https://nvd.nist.gov/vuln/detail/CVE-2026-0512 advisory
https://me.sap.com/notes/3645228 url
https://url.sap/sapsecuritypatchday url

Open in Interactive Console →