Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-29110

The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.

Published

2023-04-11T04:16:07.663

Last Modified

2024-11-21T07:56:34.107

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.7 (LOW)

Weaknesses

Type: Secondary
CWE-80
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	abap_platform	75c	Yes
Application	sap	abap_platform	75d	Yes
Application	sap	abap_platform	75e	Yes
Application	sap	application_interface_framework	aif_703	Yes
Application	sap	application_interface_framework	aifx_702	Yes
Application	sap	basis	755	Yes
Application	sap	basis	756	Yes
Application	sap	s4core	100	Yes
Application	sap	s4core	101	Yes

References

https://launchpad.support.sap.com/#/notes/3113349 Permissions Required ([email protected])
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/3113349 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)