NVD:CVE-2023-42479
History: Dec 12, 2023 - 1:15 a.m.

CVE-2023-42479

2023-12-12 01:15:10
CWE-79
web.nvd.nist.gov
unauthenticated access
biller direct
xss attack
disclosure
modification

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 20.5%

An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information.

Affected configurations

Nvd

Node: sap biller_direct Match 635 OR sap biller_direct Match 750

| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | biller_direct | 635 | cpe:2.3:a:sap:biller_direct:635:*:*:*:*:*:*:* |
| sap | biller_direct | 750 | cpe:2.3:a:sap:biller_direct:750:*:*:*:*:*:*:* |
