VYPR
Unrated severityNVD Advisory· Published May 13, 2025· Updated May 13, 2025

Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)

CVE-2025-30018

Description

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and availability of the application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.