CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-30011: Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)

5.3 CVSS

Description

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected system. This vulnerability has low impact on confidentiality, with no effect on integrity and availability of the application.

Classification

CVE ID: CVE-2025-30011

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Affected Products

Vendor: SAP_SE

Product: SAP Supplier Relationship Management (Live Auction Cockpit)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 15.6% (scored less or equal to compared to others)

EPSS Date: 2025-06-11 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2025-30011
https://me.sap.com/notes/3578900
https://url.sap/sapsecuritypatchday

Timeline

2025-05-13 19:40:19 UTC
CVE

Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)