SAP Supplier Relationship Management
cpe:2.3:a:sap:supplier_relationship_management:*:*:*:*:*:*:*
An open redirect vulnerability has been identified in SAP Supplier Relationship Management, specifically within the SICF Handler in the SRM Catalog. This vulnerability allows an unauthenticated attacker to create a malicious URL that, when accessed by a victim, redirects them to an attacker-controlled site. The issue is assessed to have a low impact on the application's integrity, with no effects on confidentiality or availability.
Successful exploitation lets an attacker redirect users to malicious sites, which can support phishing or other social engineering attacks.
Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where a complete list of all security notes is available. It is recommended to implement these security corrections as a priority.