ID
VAR-202505-4203
CVE
CVE-2025-30018
DESCRIPTION
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and availability of the application.
Trust: 1.0
sources:
NVD: CVE-2025-30018
AFFECTED PRODUCTS
| vendor: | sap | model: | supplier relationship management | scope: | eq | version: | 7.14 | Trust: 1.0 |
sources:
NVD: CVE-2025-30018
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
NVD: CVE-2025-30018 //
NVD: CVE-2025-30018
PROBLEMTYPE DATA
| problemtype: | CWE-611 | Trust: 1.0 |
sources:
NVD: CVE-2025-30018
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-30018 | Trust: 1.0 |
sources:
NVD: CVE-2025-30018
REFERENCES
| url: | https://url.sap/sapsecuritypatchday | Trust: 1.0 |
| url: | https://me.sap.com/notes/3578900 | Trust: 1.0 |
sources:
NVD: CVE-2025-30018
SOURCES
| db: | NVD | id: | CVE-2025-30018 |
LAST UPDATE DATE
2025-11-18T15:28:23.199000+00:00
SOURCES UPDATE DATE
| db: | NVD | id: | CVE-2025-30018 | date: | 2025-10-23T16:43:25.360 |
SOURCES RELEASE DATE
| db: | NVD | id: | CVE-2025-30018 | date: | 2025-05-13T01:15:47.980 |