Design/Logic Flaw

2023-04-1104:16:00

PRIOn knowledge base

www.prio-n.com

sap application

html injection

message dashboard

security flaw

confidentiality impact

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.

CPENameOperatorVersion
abap_platformeq75.0.99
abap_platformeq75.0.100
abap_platformeq75.0.101
application_interface_frameworkeqaifx-702
application_interface_frameworkeqaif-703
basiseq755
basiseq756
s4coreeq101
s4coreeq100

Name	Operator	Version
abap_platform	eq	75.0.99
abap_platform	eq	75.0.100
abap_platform	eq	75.0.101
application_interface_framework	eq	aifx-702
application_interface_framework	eq	aif-703
basis	eq	755
basis	eq	756
s4core	eq	101
s4core	eq	100