Lucene search

SapCVELIST:CVE-2023-31407

HistoryMay 09, 2023 - 1:37 a.m.

CVE-2023-31407 Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation

2023-05-0901:37:53

CWE-79

sap

www.cve.org

sap business planning and consolidation

cross-site scripting

file upload

confidentiality

integrity

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.6%

JSON

SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Business Planning and Consolidation",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "740"
      },
      {
        "status": "affected",
        "version": "750"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3312892

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html