Lucene search

386 matches found

Cvelist
added 2025/05/13 12:14 a.m. · 13 views

CVE-2025-30012 Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component, which allows an unauthenticated attacker to send a malicious payload request in a specific encoding format. The servlet will then decode this malicious request, which will result in...

CVSS: 10 · EPSS: 0.01772 · Exploits: 0 · References: 2

Cvelist
added 2025/05/13 12:12 a.m. · 14 views

CVE-2025-30009 Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages, which allows an unauthenticated attacker to execute malicious script in the victim's browser. This vulnerability has low impact on confidentiality and...

CVSS: 6.1 · EPSS: 0.00476 · Exploits: 0 · References: 2

Positive Technologies
added 2025/05/13 12:0 a.m. · 1 views

PT-2025-20808 · Sap · Sap Supplier Relationship Management

Name of the Vulnerable Software and Affected Versions: SAP Supplier Relationship Management SRM affected versions not specified Description: The issue concerns the Live Auction Cockpit in SAP Supplier Relationship Management SRM, which utilizes a deprecated Java applet component. This component...

CVSS: 10 · AI score: 9.2 · EPSS: 0.01772 · Exploits: 0 · References: 11

CNNVD
added 2025/05/13 12:0 a.m. · 1 views

SAP Supplier Relationship Management Security Vulnerability

SAP supplier relationship management is a supplier relationship management software developed by SAP Germany. An information disclosure vulnerability exists in SAP supplier relationship management, which stems from the use of a deprecated Java applet component, and can be exploited by an attacker...

CVSS: 5.3 · AI score: 6.2 · EPSS: 0.00223 · Exploits: 0 · References: 2

CNNVD
added 2025/05/13 12:0 a.m. · 1 views

SAP Supplier Relationship Management Input Validation Error Vulnerability

SAP supplier relationship management is a supplier relationship management software developed by SAP Germany. An input validation error vulnerability exists in SAP supplier relationship management, which stems from the use of a deprecated Java applet component that can be exploited by an attacker...

CVSS: 6.1 · AI score: 6.7 · EPSS: 0.00301 · Exploits: 0 · References: 2

CNNVD
added 2025/05/13 12:0 a.m. · 2 views

SAP Supplier Relationship Management Cross-Site Scripting Vulnerability

SAP supplier relationship management is a supplier relationship management software developed by SAP Germany. A cross-site scripting vulnerability exists in SAP supplier relationship management, which stems from the use of a deprecated Java applet component that can be exploited by an attacker to...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.00476 · Exploits: 0 · References: 2

Positive Technologies
added 2025/05/13 12:0 a.m. · 1 views

PT-2025-20806 · Sap · Sap Srm

Name of the Vulnerable Software and Affected Versions: SAP Supplier Relationship Management SRM affected versions not specified Description: The issue concerns the use of a deprecated java applet component within the Live Auction Cockpit in SAP SRM. This allows an unauthenticated attacker to craf...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00301 · Exploits: 0 · References: 4

Positive Technologies
added 2025/05/13 12:0 a.m. · 3 views

PT-2025-20807 · Sap · Sap Srm

Name of the Vulnerable Software and Affected Versions: SAP Supplier Relationship Management SRM affected versions not specified Description: The issue concerns the use of a deprecated java applet component within the Live Auction Cockpit in SAP SRM. This allows an unauthenticated attacker to send...

CVSS: 5.3 · AI score: 6 · EPSS: 0.00223 · Exploits: 0 · References: 5

Positive Technologies
added 2025/05/13 12:0 a.m. · 3 views

PT-2025-20805 · Sap · Sap Srm

Name of the Vulnerable Software and Affected Versions: SAP Supplier Relationship Management SRM affected versions not specified Description: The Live Auction Cockpit in SAP Supplier Relationship Management SRM uses a deprecated Java applet component, allowing an unauthenticated attacker to execut...

CVSS: 6.1 · AI score: 6.3 · EPSS: 0.00476 · Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 6:16 a.m. · 1 views

SUSE CVE-2005-3946

Opera 8.50 allows remote attackers to cause a denial of service crash via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class...

CVSS: 5 · AI score: 6.8 · EPSS: 0.02419 · Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 6:7 a.m. · 2 views

SUSE CVE-2008-2806

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin JEP and Java LiveConnect...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.00923 · Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 6:6 a.m. · 1 views

SUSE CVE-2008-4695

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...

CVSS: 9.3 · AI score: 7.1 · EPSS: 0.03199 · Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 6:3 a.m. · 1 views

SUSE CVE-2009-1837

Race condition in the NPObjWrapperNewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for...

CVSS: 7.5 · AI score: 7.9 · EPSS: 0.02184 · Exploits: 2 · References: 4

SUSE CVE
added 2023/02/15 5:55 a.m. · 1 views

SUSE CVE-2011-0067

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls...

CVSS: 5 · AI score: 6.7 · EPSS: 0.0052 · Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 5:45 a.m. · 1 views

SUSE CVE-2012-3423

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...

CVSS: 7.5 · AI score: 7.7 · EPSS: 0.0278 · Exploits: 1 · References: 9

Prion
added 2022/07/07 4:15 p.m. · 13 views

Design/Logic Flaw

It was discovered that the IcedTea-Web used codebase attribute of the tag on the HTML page that hosts Java applet in the Same Origin Policy SOP checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value...

CVSS: 5 · AI score: 6.8 · EPSS: 0.00124 · Exploits: 1 · References: 1

CVE
added 2022/07/07 3:54 p.m. · 59 views

CVE-2015-5236

The CVE-2015-5236 entry concerns IcedTea-Web, where the codebase attribute of the HTML tag used in the SOP check is not required to match the applet’s actual origin. This could allow a malicious site to bypass Same Origin Policy by spoofing the codebase value. Public documentation provided refer...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.00124 · Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2021/11/17 6:15 p.m. · 0 views

CVE-2021-35528

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing CSB allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or...

CVSS: 7.1 · AI score: 5.9 · Exploits: 0 · References: 2

NVD
added 2021/11/17 6:15 p.m. · 9 views

CVE-2021-35528

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing CSB allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or...

CVSS: 7.2 · EPSS: 0.00042 · Exploits: 0 · References: 2

Prion
added 2021/11/17 6:15 p.m. · 9 views

Improper access control

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing CSB allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or...

CVSS: 3.6 · AI score: 7 · EPSS: 0.00042 · Exploits: 0 · References: 2 · Affected Software: 2