Java Applet Vulnerability in SAP Supplier Relationship Management
CVE-2025-30009

6.1 MEDIUM

What is CVE-2025-30009?

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) still relies on a deprecated Java applet component. Because of this design flaw, an unauthenticated attacker can inject malicious script that is executed in a victim's browser. No privileges on the SRM system are needed, but the victim has to take an action first, which is why the CVSS vector rates User Interaction as Required; Scope is Changed because the injected script runs in the user's browser rather than in the SRM server that serves it. The direct impact on confidentiality and integrity is therefore limited to that browser session, and there is no availability impact. The finding is still a reminder that web applications which depend on retired client-side technology such as Java applets inherit weaknesses the vendor of that technology no longer addresses.

Affected Version(s)

SAP Supplier Relationship Management (Live Auction Cockpit) SRM_SERVER 7.14

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Note: a 6.1 base score is only consistent with Availability: None for this combination of metrics; with Availability: Low the same vector would score 7.1 (High), so the availability impact is listed as None in line with the published score and the description above.

Timeline

  • Vulnerability published
