CVE-2025-30018
published 2025-05-13CVE-2025-30018: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and availability of the application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | supplier_relationship_management | — | — |
| sap_se | sap_supplier_relationship_management | — | — |