CVE-2026-0513
📋 TL;DR
An open redirect vulnerability in SAP Supplier Relationship Management allows unauthenticated attackers to craft malicious URLs that redirect victims to attacker-controlled sites. This affects SAP SRM Catalog systems with the vulnerable SICF handler. The vulnerability has low impact on application integrity with no effect on confidentiality or availability.
💻 Affected Systems
- SAP Supplier Relationship Management (SRM)
⚠️ Risk & Real-World Impact
Worst Case
Victims could be redirected to phishing sites that steal credentials or deliver malware, potentially leading to account compromise or system infection.
Likely Case
Attackers use the redirect for phishing campaigns, tricking users into visiting malicious sites that appear legitimate due to the SAP domain in the URL.
If Mitigated
With proper user awareness training and URL filtering, the impact is minimal as users would recognize suspicious redirects.
🎯 Exploit Status
Open redirect vulnerabilities are commonly exploited in phishing campaigns and require minimal technical skill to weaponize.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check SAP Note 3638716 for specific patch information
Vendor Advisory: https://me.sap.com/notes/3638716
Restart Required: Yes
Instructions:
1. Review SAP Note 3638716 for patch details.
2. Apply the relevant SAP security patch.
3. Restart affected SAP services.
4. Verify the fix by testing redirect functionality.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side validation to reject URLs with external domains in redirect parameters.
Custom ABAP code required: implement URL validation in the SICF handler.
Web Application Firewall Rule
Configure the WAF to block requests containing suspicious redirect parameters.
WAF-specific configuration required: block patterns like *redirect=*http*
🧯 If You Can't Patch
- Implement strict URL filtering at network perimeter to block malicious redirects
- Deploy user awareness training about phishing risks from unexpected redirects
🔍 How to Verify
Check if Vulnerable:
Test by attempting to redirect to external domains using crafted URLs with redirect parameters
Check Version:
Use SAP transaction SM51 or check system info in SAP GUI
Verify Fix Applied:
After patching, test redirect functionality to confirm external domain redirects are blocked
📡 Detection & Monitoring
Log Indicators:
- Unusual redirect patterns in web server logs
- Multiple requests with redirect parameters to external domains
Network Indicators:
- Outbound connections to suspicious domains following SAP SRM requests
SIEM Query:
source="sap_srm_logs" AND (url CONTAINS "redirect=" OR url CONTAINS "url=") AND dest_domain NOT IN allowed_domains
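The server-side validation described under Temporary Workarounds and the SIEM query above share one decision: is the redirect target on an allowed host? The Python below is an added example, not code from SAP or the SAP Note; the allow-listed hosts, the redirect parameter names, the access-log format and the /sap/bc/example/handler path are all constructed assumptions. It also covers scheme-less and userinfo variants that a plain "contains http" check misses.

```python
import re
from urllib.parse import parse_qs, urlsplit, unquote

# Hosts a redirect may land on (constructed placeholders for a deployment's own SRM/catalog hosts).
ALLOWED_HOSTS = {"srm.example.com", "catalog.example.com"}
REDIRECT_PARAMS = {"redirect", "url", "returnurl", "target"}  # assumed parameter names

def is_safe_redirect_target(target: str) -> bool:
    """True only for a site-relative path or an absolute http(s) URL to an allowed host."""
    target = unquote(target).strip()
    # "//host" and backslash variants leave the site without a scheme; reject before parsing.
    if target.startswith(("//", "/\\", "\\")):
        return False
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        return target.startswith("/")   # e.g. /sap/bc/... stays on this host
    if parts.scheme.lower() not in ("http", "https"):
        return False                    # javascript:, data:, ...
    # .hostname strips any user@ prefix, so "allowed@evil" is judged as evil.
    return (parts.hostname or "").lower() in ALLOWED_HOSTS

# Apache-style access-log line (constructed format for this example).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) \S+" \d{3}')

def find_external_redirects(log_lines):
    """Return (client_ip, parameter, target) for requests redirecting outside ALLOWED_HOSTS."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("path")).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name.lower() in REDIRECT_PARAMS:
                hits.extend((m.group("ip"), name, v)
                            for v in values if not is_safe_redirect_target(v))
    return hits

# Constructed sample log; /sap/bc/example/handler is a placeholder, not the
# real SICF handler named in the SAP Note.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2026:10:00:01 +0000] "GET /sap/bc/example/handler?redirect=https%3A%2F%2Fsrm.example.com%2Fhome HTTP/1.1" 302',
    '203.0.113.5 - - [10/Jan/2026:10:00:02 +0000] "GET /sap/bc/example/handler?redirect=https%3A%2F%2Fevil.example%2Flogin HTTP/1.1" 302',
    '198.51.100.7 - - [10/Jan/2026:10:00:03 +0000] "GET /sap/bc/example/handler?url=%2F%2Fevil.example%2F HTTP/1.1" 302',
    '198.51.100.7 - - [10/Jan/2026:10:00:04 +0000] "GET /sap/bc/example/handler?url=%2Fsap%2Fbc%2Fexample%2Fhome HTTP/1.1" 302',
]
```

Running find_external_redirects(SAMPLE_LOG) flags the second and third lines only; the same is_safe_redirect_target logic is what the ABAP workaround would enforce before issuing the 302.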