CVE-2023-29110 — LOW (3.7) — White Hats Nepal

Vulnerability Description

The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.

CVSS Score

3.7

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Abap Platform	75c
Sap	Application Interface Framework	aif_703
Sap	Basis	755
Sap	S4Core	100

Related Weaknesses (CWE)

CWE-79 CWE-80

References

https://launchpad.support.sap.com/#/notes/3113349Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
https://launchpad.support.sap.com/#/notes/3113349Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory

FAQ

What is CVE-2023-29110?

CVE-2023-29110 is a vulnerability with a CVSS score of 3.7 (LOW). The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attack...

How severe is CVE-2023-29110?

CVE-2023-29110 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-29110?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Abap Platform, Sap Application Interface Framework, Sap Basis, Sap S4Core.