SAP Supplier Relationship Management Cross-Site Scripting Vulnerability

A Cross-Site Scripting (XSS) vulnerability has been identified in SAP Supplier Relationship Management. This issue allows an unauthenticated attacker to create a malicious link that, when clicked by an authenticated user, executes harmful content. The vulnerability arises because the injected input is processed during page generation, enabling the attacker to access and modify information within the victim's browser. This impacts the confidentiality and integrity of the user's data, while availability remains unaffected.

Impact

Exploitation of this vulnerability allows for Cross-Site Scripting, where an attacker can inject malicious scripts that are executed in the context of the victim's browser. This could lead to unauthorized access to sensitive information or manipulation of data within the user's session.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability. This can be done through the SAP Security Patch Day, which occurs on the second Tuesday of each month. For more information, consult the SAP Security Notes FAQ or access SAP Security Notes through the SAP for Me platform.