← voltar
CVE-2025-30011

Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)

CVSS 5.3 MEDIUMEPSS 0.3%CWE-497
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 mai 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected system. This vulnerability has low impact on confidentiality, with no effect on integrity and availability of the application.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
SAP_SE · SAP Supplier Relationship Management (Live Auction Cockpit)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3578900https://url.sap/sapsecuritypatchday