SAP SRM Live Auction Cockpit Java Applet Vulnerability Allowing Cross-Site Scripting

Vulnerability

A vulnerability exists in the Live Auction Cockpit of SAP Supplier Relationship Management (SRM), caused by a deprecated Java applet component that certain SRM packages still ship. The flaw allows an unauthenticated attacker to cause malicious script to execute in the browser of an affected user. Within the context of that user's browser the impact on confidentiality and integrity is low, and the availability of the application is not affected.

Impact

Successful exploitation results in cross-site scripting (XSS): the attacker injects script that is rendered as part of the application's page and executed in the victim's browser, in the context of that user's session with the application.
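The injection pattern described above, as an added illustration; this is not SAP's code and does not reproduce the Live Auction Cockpit component. The function and parameter names (`renderAuctionTitleUnsafe`, `auctionTitle`), the page fragment and the crafted input are assumptions constructed for the example. It places an unencoded rendering next to an HTML-encoded one and counts how many elements the rendered markup contains, so the extra element the crafted input smuggles in is visible.

```javascript
// Added illustration (not SAP code). A hypothetical page fragment that shows
// the title of an auction; "auctionTitle" stands in for any value an
// attacker can place in a request that the server reflects into the page.

// Vulnerable pattern: attacker-controlled input is concatenated straight into
// markup, so '<' and '"' in the input switch the parser into tag/attribute
// context and an extra element (with an event handler) is created.
function renderAuctionTitleUnsafe(auctionTitle) {
  return '<h2 class="auction-title">' + auctionTitle + '</h2>';
}

// Hardened pattern: every character that can change HTML parsing context is
// replaced by its entity before the value is placed in element content.
// (In a browser you would set element.textContent instead of innerHTML; the
// encoding function is shown so the effect is visible as a string.)
function escapeHtml(value) {
  const entities = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
    "'": '&#39;', '`': '&#96;', '=': '&#61;', '/': '&#47;',
  };
  return String(value).replace(/[&<>"'`=/]/g, (ch) => entities[ch]);
}

function renderAuctionTitleSafe(auctionTitle) {
  return '<h2 class="auction-title">' + escapeHtml(auctionTitle) + '</h2>';
}

// Test aid for the demonstration only: counts element start/end tags in the
// rendered markup. The template itself contributes exactly two (<h2> and </h2>);
// any surplus came from the input. This is a measurement, not a sanitizer.
function countTags(html) {
  return (html.match(/<[a-zA-Z/]/g) || []).length;
}

// Constructed crafted input (not a real request): text plus an <img> element
// whose onerror handler would run script when the image fails to load.
const CRAFTED_INPUT = 'Q3 Steel <img src=x onerror="alert(document.cookie)">';

// Returns the tag counts for both renderings so the difference can be checked.
function compareRenderings(input) {
  return {
    unsafeTags: countTags(renderAuctionTitleUnsafe(input)),
    safeTags: countTags(renderAuctionTitleSafe(input)),
  };
}

console.log('unsafe:', renderAuctionTitleUnsafe(CRAFTED_INPUT));
console.log('safe:  ', renderAuctionTitleSafe(CRAFTED_INPUT));
console.log(compareRenderings(CRAFTED_INPUT));
```

The unsafe rendering contains three elements, one of them the attacker's `<img>` with an `onerror` handler; the encoded rendering contains only the two the template defines, and the crafted input is shown as literal text. The same check applied to a value placed inside an attribute or a script block would need attribute- or JavaScript-specific encoding; element-content encoding alone is not sufficient there.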

Remediation

Customers are advised to review the SAP Security Note that addresses this vulnerability, published through the SAP Security Patch Day program, and to apply the correction it describes to the affected SRM packages.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 1.7
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.