SAP Supplier Relationship Management Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in SAP Supplier Relationship Management (SRM) within the Master Data Management Catalogue. This issue allows an unauthenticated attacker to execute malicious scripts in the application. While the vulnerability does not affect the application's availability, it could have minor implications for its confidentiality and integrity.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

Users are advised to review and implement the SAP Security Notes available in SAP for Me. Security fixes for SAP NetWeaver-based products are delivered with the support packages. For details on the SAP Security Patch Day schedule and notes, refer to the SAP Security Notes FAQ.