CVE-2023-37488

2023-08-0801:15:18

CWE-79

[email protected]

web.nvd.nist.gov

sap

netweaver

process integration

cve-2023-37488

cross-site scripting

xss

nvd

security advisory

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.1%

JSON

In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of the system.

Affected configurations

NVD

Node

sapnetweaver_process_integrationMatch7.50

CPENameOperatorVersion
sap:netweaver_process_integrationsap netweaver process integrationeq7.50

CPE	Name	Operator	Version
sap:netweaver_process_integration	sap netweaver process integration	eq	7.50

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver Process Integration",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_XIESR 7.50"
      },
      {
        "status": "affected",
        "version": "SAP_XITOOL 7.50"
      },
      {
        "status": "affected",
        "version": "SAP_XIAF 7.50"
      }
    ]
  }
]