Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-41369

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.

Published

2023-09-12T02:15:12.983

Last Modified

2024-11-21T08:21:10.440

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

Weaknesses

Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	s\/4_hana	100	Yes
Application	sap	s\/4_hana	101	Yes
Application	sap	s\/4_hana	102	Yes
Application	sap	s\/4_hana	103	Yes
Application	sap	s\/4_hana	104	Yes
Application	sap	s\/4_hana	105	Yes
Application	sap	s\/4_hana	106	Yes
Application	sap	s\/4_hana	107	Yes
Application	sap	s\/4_hana	108	Yes

References

https://me.sap.com/notes/3369680 Permissions Required ([email protected])
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory ([email protected])
https://me.sap.com/notes/3369680 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)