SAP Supplier Relationship Management
By the Year
In 2026 there have been 0 vulnerabilities in SAP Supplier Relationship Management. Last year, in 2025, Supplier Relationship Management had 1 security vulnerability published. Right now, Supplier Relationship Management is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 9.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 5.80 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 6.10 |
It may take a day or so for new Supplier Relationship Management vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent SAP Supplier Relationship Management Security Vulnerabilities
SAP SRM Authenticated Arbitrary File Upload
CVE-2025-42910
9 - Critical
- October 14, 2025
Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker could cause high impact on confidentiality, integrity and availability of the application.
Unrestricted File Upload
SAP SRM Unauthorized Info Disclosure via Vendor Master Data Replication
CVE-2023-39436
5.8 - Medium
- August 08, 2023
SAP Supplier Relationship Management - versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality. This information could be used to allow the attacker to specialize their attacks against SRM.
Missing Authentication for Critical Function
SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT
CVE-2019-0361
6.1 - Medium
- September 10, 2019
SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
XSS