Security fix for event determination program, SAP security note 1443934

Description

Due to a vulnerability which exists in the SRM tool for determination of the event customizing, which is part of the SAP Supplier Relationship management (SAP SRM)     solution, it is possible for a hacker to access restricted SAP          transactions at runtime. This can lead to any or all of the following:
1.  Manipulation of Business Logic, resulting in inconsistent data           states
2.  May lead ot violation of  regulatory compliance as this                 vulnerability allows for unprivileged access to critical business       logic.

Affected Releases:

SAP SRM 6.0

SAP SRM 7.0

Available fix and Supported packages

SRM_SERVER | 600 | 600
SRM_SERVER | 700 | 700
SRM_SERVER | 701 | 701
SRM_SERVER 600 | SAPKIBKU06 |
SRM_SERVER 701 | SAPK-70101INSRMSRV |
SRM_SERVER 700 | SAPKIBKV08 |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1443934

Vahagn Vardanian

Security fix for event determination program, SAP security note 1443934

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

Explore More

SAP Security Advisory – CVE-2025-42890

SAP security patches November 2025

CVE-2025-42944 – Critical Severity Remote Code Execution in SAP NetWeaver RMI-P4

CVE-2025-42937 – Critical Directory Traversal Vulnerability in SAP Print Service