SAP Supplier Relationship Management Cross-Site Scripting Vulnerability

A Cross-Site Scripting (XSS) vulnerability has been identified in the SAP Supplier Relationship Management (SRM) Catalog, specifically within the SICF Handler. This vulnerability allows an unauthenticated attacker to create a malicious URL that, when accessed by a victim, executes harmful content in the victim's browser. The attacker could potentially access and modify information, thereby compromising the application's confidentiality and integrity, while its availability remains unaffected.

Impact

Exploitation of this vulnerability allows for Cross-Site Scripting, where an attacker can inject malicious scripts that are executed in the context of the victim's browser.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform.