CVE-2025-30011 MEDIUM

CVE-2025-30011: Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)

Vendor Sap_Se
Product SAP Supplier Relationship Management (Live Auction Cockpit)
Weakness CWE-497
Published May 13, 2025
Last update May 13, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected system. This vulnerability has low impact on confidentiality, with no effect on integrity and availability of the application.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
May 13, 2025 Record updated