CVELIST:CVE-2023-42479 (cvelist, SAP)
Dec 12, 2023 - 12:59 a.m.

CVE-2023-42479 Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct

2023-12-12 00:59:36
CWE-79
sap
www.cve.org

CVSS3: 6.1 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low
Percentile: 20.7%

An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Biller Direct",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "635"
      },
      {
        "status": "affected",
        "version": "750"
      }
    ]
  }
]
