ГлавнаяУязвимости → CVE-2025-30018
8.6высокая

CVE-2025-30018

Описание

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and availability of the application.

Затрагиваемое ПО
Sap Supplier relationship management
CVSS
Балл8.6 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Источники
https://me.sap.com/notes/3578900https://url.sap/sapsecuritypatchday