SAP Supplier Relationship Management Live Auction Cockpit Sensitive Data Exposure Vulnerability

A vulnerability in the Live Auction Cockpit component of SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to send a crafted XML file in an application servlet request. When this XML is parsed, it can lead to unauthorized access to sensitive files and data. This issue significantly impacts the confidentiality of the application, with no noted effects on its integrity or availability.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive files and data, leading to a breach of confidentiality.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, where all Security Notes are available. For guidance on accessing and applying SAP Security Notes, refer to the SAP Security Notes FAQs.