CVE-2024-42378 Cross-Site Scripting (XSS) in eProcurement on S/4HANA

🗓️ 10 Sep 2024 02:41:47Reported by sapType

Cross-Site Scripting vulnerability in eProcurement on S/4HAN

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-42378	10 Sep 202405:51	–	circl
CNNVD	SAP S/4HANA 跨站脚本漏洞	10 Sep 202400:00	–	cnnvd
CVE	CVE-2024-42378	10 Sep 202402:41	–	cve
EUVD	EUVD-2024-39583	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	19 Sep 202411:37	–	ncsc
NVD	CVE-2024-42378	10 Sep 202403:15	–	nvd
Positive Technologies	PT-2024-29906 · Sap · Sap S/4Hana Eprocurement	9 Sep 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-42378	23 May 202508:29	–	redhatcve
Vulnrichment	CVE-2024-42378 Cross-Site Scripting (XSS) in eProcurement on S/4HANA	10 Sep 202402:41	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP S/4HANA eProcurement",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_APPL 606"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 617"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 618"
      },
      {
        "status": "affected",
        "version": "S4CORE 102"
      },
      {
        "status": "affected",
        "version": "S4CORE 103"
      },
      {
        "status": "affected",
        "version": "S4CORE 104"
      },
      {
        "status": "affected",
        "version": "S4CORE 105"
      },
      {
        "status": "affected",
        "version": "S4CORE 106"
      },
      {
        "status": "affected",
        "version": "S4CORE 107"
      },
      {
        "status": "affected",
        "version": "S4CORE 108"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3497347

10 Sep 2024 02:41Current

CVSS 3.16.1

EPSS0.00166

CWE-79