ID

VAR-202505-3493


CVE

CVE-2025-30011


DESCRIPTION

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages, which allows an unauthenticated attacker to send a malicious request to the application that could disclose the internal version details of the affected system. This vulnerability has a low impact on confidentiality, with no effect on the integrity or availability of the application.

Trust: 1.0

sources: NVD: CVE-2025-30011

AFFECTED PRODUCTS

vendor: sap
model: supplier relationship management
scope: eq
version: 7.14

Trust: 1.0

sources: NVD: CVE-2025-30011

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@sap.com: CVE-2025-30011
value: MEDIUM

Trust: 1.0

cna@sap.com: CVE-2025-30011
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-30011

PROBLEMTYPE DATA

problemtype: CWE-497

Trust: 1.0

sources: NVD: CVE-2025-30011

EXTERNAL IDS

db: NVD
id: CVE-2025-30011

Trust: 1.0

sources: NVD: CVE-2025-30011

REFERENCES

url: https://url.sap/sapsecuritypatchday

Trust: 1.0

url: https://me.sap.com/notes/3578900

Trust: 1.0

sources: NVD: CVE-2025-30011

SOURCES

db: NVD
id: CVE-2025-30011

LAST UPDATE DATE

2025-11-18T15:05:15.208000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2025-30011
date: 2025-10-23T16:55:32.087

SOURCES RELEASE DATE

db: NVD
id: CVE-2025-30011
date: 2025-05-13T01:15:47.697