EUVD-2024-39583

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Weak input encoding in SAP S/4HANA allows XSS attacks, affecting confidentiality and integrity.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-42378	10 Sep 202405:51	–	circl
CNNVD	SAP S/4HANA 跨站脚本漏洞	10 Sep 202400:00	–	cnnvd
CVE	CVE-2024-42378	10 Sep 202402:41	–	cve
Cvelist	CVE-2024-42378 Cross-Site Scripting (XSS) in eProcurement on S/4HANA	10 Sep 202402:41	–	cvelist
NCSC	Vulnerabilities fixed in SAP products	19 Sep 202411:37	–	ncsc
NVD	CVE-2024-42378	10 Sep 202403:15	–	nvd
Positive Technologies	PT-2024-29906 · Sap · Sap S/4Hana Eprocurement	9 Sep 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-42378	23 May 202508:29	–	redhatcve
Vulnrichment	CVE-2024-42378 Cross-Site Scripting (XSS) in eProcurement on S/4HANA	10 Sep 202402:41	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "295e93e2-a5c8-3c3a-902c-139623db6811",
        "vendor": {
          "name": "SAP_SE"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0a5e2474-357b-3592-8ca5-8bea6fc93558",
        "product": {
          "name": "SAP S/4HANA eProcurement"
        },
        "product_version": "S4CORE 107"
      },
      {
        "id": "0ed12099-0f60-32ae-9a57-ef94ee805970",
        "product": {
          "name": "SAP S/4HANA eProcurement"
        },
        "product_version": "S4CORE 106"
      },
      {
        "id": "1b090ef3-e03e-369c-b658-5a64e8c06dd0",
        "product": {
          "name": "SAP S/4HANA eProcurement"
        },
        "product_version": "SAP_APPL 617"
      },
      {
        "id": "3d3da474-6f2f-3acd-894d-594f4181fb64",
        "product": {
          "name": "SAP S/4HANA eProcurement"
        },
        "product_version": "S4CORE 108"
      },
      {
        "id": "3e00e176-dc5c-319f-9127-136bf70600d6",
        "product": {
          "name": "SAP S/4HANA eProcurement"
        },
        "product_version": "SAP_APPL 618"
      },
      {
        "id": "49515ac5-ddba-3813-8d53-ff5419a8734c",
        "product": {
          "name": "SAP S/4HANA eProcurement"
        },
        "product_version": "S4CORE 105"
      },
      {
        "id": "8e88303f-85bd-3fa1-98b3-b189f834042e",
        "product": {
          "name": "SAP S/4HANA eProcurement"
        },
        "product_version": "S4CORE 102"
      },
      {
        "id": "be29b0e1-c841-3e8c-ae0c-39870f92fd69",
        "product": {
          "name": "SAP S/4HANA eProcurement"
        },
        "product_version": "SAP_APPL 606"
      },
      {
        "id": "d1e249f2-348c-3acc-b819-6d7d6254ebc7",
        "product": {
          "name": "SAP S/4HANA eProcurement"
        },
        "product_version": "S4CORE 103"
      },
      {
        "id": "f6fb5454-c476-395e-938d-c993d3881546",
        "product": {
          "name": "SAP S/4HANA eProcurement"
        },
        "product_version": "S4CORE 104"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3497347
url	www.url.sap/sapsecuritypatchday

03 Oct 2025 20:07Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.16.1

EPSS0.00166

SSVC