Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-23851

SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system.

Published

2023-02-14T04:15:11.180

Last Modified

2024-11-21T07:46:57.347

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	business_planning_and_consolidation	200	Yes
Application	sap	business_planning_and_consolidation	300	Yes

References

https://launchpad.support.sap.com/#/notes/3275841 Permissions Required, Vendor Advisory ([email protected])
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/3275841 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)