SapCVELIST:CVE-2023-37488CVE-2023-37488 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.0005 Low
EPSS
Percentile
17.1%
In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of the system.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Process Integration",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_XIESR 7.50"
},
{
"status": "affected",
"version": "SAP_XITOOL 7.50"
},
{
"status": "affected",
"version": "SAP_XIAF 7.50"
}
]
}
]Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.0005 Low
EPSS
Percentile
17.1%