ID

VAR-202601-1872


CVE

CVE-2026-0513


TITLE

Open redirect vulnerability in SAP Supplier Relationship Management

Trust: 0.8

sources: JVNDB: JVNDB-2026-001903

DESCRIPTION

Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site. This causes low impact on integrity of the application. Confidentiality and availability are not impacted. This vulnerability has a low impact on the integrity of the application, but does not affect confidentiality or availability. Information handled by the software will not be leaked to the outside. However, some of the information handled by the software may be rewritten. Furthermore, the software will not stop. In addition, attacks exploiting this vulnerability may affect other software.

Trust: 1.62

sources: NVD: CVE-2026-0513 // JVNDB: JVNDB-2026-001903

AFFECTED PRODUCTS

vendor: sap model: supplier relationship management scope: eq version: 713

Trust: 1.8

vendor: sap model: supplier relationship management scope: eq version: 701

Trust: 1.8

vendor: sap model: supplier relationship management scope: eq version: 714

Trust: 1.8

vendor: sap model: supplier relationship management scope: eq version: 702

Trust: 1.8

vendor: sap model: supplier relationship management scope: eq version: 700

Trust: 1.8

vendor: sap model: supplier relationship management scope: - version: -

Trust: 0.8

vendor: sap model: supplier relationship management scope: eq version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-001903 // NVD: CVE-2026-0513

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@sap.com: CVE-2026-0513
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2026-0513
value: MEDIUM

Trust: 1.0

NVD: CVE-2026-0513
value: MEDIUM

Trust: 0.8

cna@sap.com: CVE-2026-0513
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2026-0513
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-001903 // NVD: CVE-2026-0513 // NVD: CVE-2026-0513

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.0

problemtype:Open redirect (CWE-601) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-001903 // NVD: CVE-2026-0513

PATCH

title: SAP Security Notes & News url: https://url.sap/sapsecuritypatchday

Trust: 0.8

sources: JVNDB: JVNDB-2026-001903

EXTERNAL IDS

db: NVD id: CVE-2026-0513

Trust: 2.6

db: JVNDB id: JVNDB-2026-001903

Trust: 0.8

sources: JVNDB: JVNDB-2026-001903 // NVD: CVE-2026-0513

REFERENCES

url:https://me.sap.com/notes/3638716

Trust: 1.0

url:https://url.sap/sapsecuritypatchday

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-0513

Trust: 0.8

sources: JVNDB: JVNDB-2026-001903 // NVD: CVE-2026-0513

SOURCES

db: JVNDB id: JVNDB-2026-001903
db: NVD id: CVE-2026-0513

LAST UPDATE DATE

2026-01-29T23:54:23.384000+00:00


SOURCES UPDATE DATE

db: JVNDB id: JVNDB-2026-001903 date: 2026-01-27T08:34:00
db: NVD id: CVE-2026-0513 date: 2026-01-22T18:48:53.343

SOURCES RELEASE DATE

db: JVNDB id: JVNDB-2026-001903 date: 2026-01-27T00:00:00
db: NVD id: CVE-2026-0513 date: 2026-01-13T02:15:53.957