SAP SRM Live Auction Cockpit Deprecated Java Applet Vulnerability Allowing Phishing Links

Vulnerability

A vulnerability exists in the Live Auction Cockpit of SAP Supplier Relationship Management (SRM) because certain SRM packages still use a deprecated Java applet component. The flaw allows an unauthenticated attacker to craft a malicious link that, when clicked by a user, redirects the browser to a harmful site. Successful exploitation could have a low impact on confidentiality and integrity, with no effect on the application's availability.

Impact

Exploitation of this vulnerability could result in a low impact on confidentiality and integrity.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability, available through the SAP Security Patch Day Bulletin. This vulnerability will be addressed in the upcoming SAP Security Patch Day on January 14, 2025.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 1.7
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.