cvelist Sap CVELIST:CVE-2023-39437
History: Aug 08, 2023 - 12:48 a.m.

CVE-2023-39437 Cross-Site Scripting (XSS) vulnerability in SAP Business One

2023-08-08 00:48:38
CWE-79
sap
www.cve.org
5
sap business one
version 10.0
cross-site scripting
confidentiality
integrity
availability

CVSS3: 7.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

EPSS: 0.001
Percentile: 21.7%

SAP Business One, version 10.0, allows an attacker to insert malicious code into the content of a web page or application and have it delivered to the client, resulting in cross-site scripting. This could lead to harmful actions affecting the confidentiality, integrity and availability of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Business One",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "10.0"
      }
    ]
  }
]
