Lucene search

[email protected]NVD:CVE-2023-0024

HistoryFeb 14, 2023 - 4:15 a.m.

CVE-2023-0024

2023-02-1404:15:10

CWE-79

[email protected]

web.nvd.nist.gov

sap solution manager

cross-site scripting

version 720

authenticated attacker

crafted malicious link

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

23.5%

JSON

SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability.

Affected configurations

Nvd

Node

sapsolution_managerMatch720

VendorProductVersionCPE
sapsolution_manager720cpe:2.3:a:sap:solution_manager:720:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	solution_manager	720	cpe:2.3:a:sap:solution_manager:720:::::::*

References

launchpad.support.sap.com/#/notes/3265846

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html