cvelistv5 - cve-2023-24529

CVE-2023-24529 (GCVE-0-2023-24529)

Vulnerability from cvelistv5

Published

2023-02-14 03:19

Modified

2025-03-20 20:21

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.

References

►

URL

Tags

cna@sap.com	https://launchpad.support.sap.com/#/notes/3282663	Permissions Required, Vendor Advisory
cna@sap.com	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/3282663	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	SAP	NetWeaver AS ABAP (Business Server Pages application)	Version: 700 Version: 701 Version: 702 Version: 731 Version: 740 Version: 750 Version: 751 Version: 752 Version: 75C Version: 75D Version: 75E Version: 75F Version: 75G Version: 75H

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:56:04.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3282663"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24529",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T20:21:20.984968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T20:21:30.580Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetWeaver AS ABAP (Business Server Pages application)",
          "vendor": "SAP",
          "versions": [
            {
              "status": "affected",
              "version": "700"
            },
            {
              "status": "affected",
              "version": "701"
            },
            {
              "status": "affected",
              "version": "702"
            },
            {
              "status": "affected",
              "version": "731"
            },
            {
              "status": "affected",
              "version": "740"
            },
            {
              "status": "affected",
              "version": "750"
            },
            {
              "status": "affected",
              "version": "751"
            },
            {
              "status": "affected",
              "version": "752"
            },
            {
              "status": "affected",
              "version": "75C"
            },
            {
              "status": "affected",
              "version": "75D"
            },
            {
              "status": "affected",
              "version": "75E"
            },
            {
              "status": "affected",
              "version": "75F"
            },
            {
              "status": "affected",
              "version": "75G"
            },
            {
              "status": "affected",
              "version": "75H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDue to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\u003c/p\u003e"
            }
          ],
          "value": "Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "eng",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T21:24:44.858Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://launchpad.support.sap.com/#/notes/3282663"
        },
        {
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2023-24529",
    "datePublished": "2023-02-14T03:19:22.690Z",
    "dateReserved": "2023-01-25T15:46:55.581Z",
    "dateUpdated": "2025-03-20T20:21:30.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-24529\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2023-02-14T04:15:12.977\",\"lastModified\":\"2024-11-21T07:48:03.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E6E948A-59A4-460A-8369-68E9A94CA4EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B2AC049-E6B5-4954-875A-7E66F2CEFEDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1097BE81-D7C7-4288-82A8-F5FA0EB492E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4AA4EAF-ED70-4FEC-85B5-C8229EB5F600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F822C6B-3047-4EB1-9A85-EE10EA592DE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"689471D5-2189-48AF-ACE9-41DA4B642B1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD618C71-34FF-414C-86DC-C43C5EEF5D20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E4BD107-F102-4859-9439-955F4DACE96F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63AE465A-45CC-4834-BEC0-589935EFCAD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAADF821-7088-4D5C-BB6D-2662880AC62D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76E464A9-F2FD-4A91-8562-A33EBABD24E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D396DE3-DCE7-4CB1-B6AB-85F2A850C180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC3734C6-B13F-4BDA-8586-47C18FD1B26E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3975983-9499-49E2-8A1E-F1F9B2B5A792\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/3282663\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/3282663\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://launchpad.support.sap.com/#/notes/3282663\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:56:04.273Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-24529\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-20T20:21:20.984968Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-20T20:21:26.834Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SAP\", \"product\": \"NetWeaver AS ABAP (Business Server Pages application)\", \"versions\": [{\"status\": \"affected\", \"version\": \"700\"}, {\"status\": \"affected\", \"version\": \"701\"}, {\"status\": \"affected\", \"version\": \"702\"}, {\"status\": \"affected\", \"version\": \"731\"}, {\"status\": \"affected\", \"version\": \"740\"}, {\"status\": \"affected\", \"version\": \"750\"}, {\"status\": \"affected\", \"version\": \"751\"}, {\"status\": \"affected\", \"version\": \"752\"}, {\"status\": \"affected\", \"version\": \"75C\"}, {\"status\": \"affected\", \"version\": \"75D\"}, {\"status\": \"affected\", \"version\": \"75E\"}, {\"status\": \"affected\", \"version\": \"75F\"}, {\"status\": \"affected\", \"version\": \"75G\"}, {\"status\": \"affected\", \"version\": \"75H\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://launchpad.support.sap.com/#/notes/3282663\"}, {\"url\": \"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eDue to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"eng\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"shortName\": \"sap\", \"dateUpdated\": \"2023-04-11T21:24:44.858Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-24529\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-20T20:21:30.580Z\", \"dateReserved\": \"2023-01-25T15:46:55.581Z\", \"assignerOrgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"datePublished\": \"2023-02-14T03:19:22.690Z\", \"assignerShortName\": \"sap\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

wid-sec-w-2023-0356

Vulnerability from csaf_certbund

Published

2023-02-13 23:00

Modified

2023-02-13 23:00

Summary

SAP Software: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um die Vertraulichkeit Integrität und die Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- UNIX - Linux - MacOS X - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- MacOS X\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0356 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0356.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0356 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0356"
      },
      {
        "category": "external",
        "summary": "SAP Patchday Februar 2023 vom 2023-02-13",
        "url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=10"
      }
    ],
    "source_lang": "en-US",
    "title": "SAP Software: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-02-13T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:43:30.138+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0356",
      "initial_release_date": "2023-02-13T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-02-13T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SAP Software",
            "product": {
              "name": "SAP Software",
              "product_id": "T016476",
              "product_identification_helper": {
                "cpe": "cpe:/a:sap:sap:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SAP"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-25614",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-25614"
    },
    {
      "cve": "CVE-2023-24530",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-24530"
    },
    {
      "cve": "CVE-2023-24529",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-24529"
    },
    {
      "cve": "CVE-2023-24528",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-24528"
    },
    {
      "cve": "CVE-2023-24525",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-24525"
    },
    {
      "cve": "CVE-2023-24524",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-24524"
    },
    {
      "cve": "CVE-2023-24523",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-24523"
    },
    {
      "cve": "CVE-2023-24522",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-24522"
    },
    {
      "cve": "CVE-2023-24521",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-24521"
    },
    {
      "cve": "CVE-2023-23860",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23860"
    },
    {
      "cve": "CVE-2023-23859",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23859"
    },
    {
      "cve": "CVE-2023-23858",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23858"
    },
    {
      "cve": "CVE-2023-23856",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23856"
    },
    {
      "cve": "CVE-2023-23855",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23855"
    },
    {
      "cve": "CVE-2023-23854",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23854"
    },
    {
      "cve": "CVE-2023-23853",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23853"
    },
    {
      "cve": "CVE-2023-23852",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23852"
    },
    {
      "cve": "CVE-2023-23851",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-23851"
    },
    {
      "cve": "CVE-2023-0025",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-0025"
    },
    {
      "cve": "CVE-2023-0024",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-0024"
    },
    {
      "cve": "CVE-2023-0020",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-0020"
    },
    {
      "cve": "CVE-2023-0019",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-0019"
    },
    {
      "cve": "CVE-2023-0013",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2023-0013"
    },
    {
      "cve": "CVE-2022-41268",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2022-41268"
    },
    {
      "cve": "CVE-2022-41264",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2022-41264"
    },
    {
      "cve": "CVE-2022-41262",
      "notes": [
        {
          "category": "description",
          "text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T016476"
        ]
      },
      "release_date": "2023-02-13T23:00:00.000+00:00",
      "title": "CVE-2022-41262"
    }
  ]
}

ghsa-jcxw-8wmf-frrv

Vulnerability from github

Published

2023-02-14 06:31

Modified

2023-02-21 21:30

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-24529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-14T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.",
  "id": "GHSA-jcxw-8wmf-frrv",
  "modified": "2023-02-21T21:30:18Z",
  "published": "2023-02-14T06:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24529"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3282663"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2023-24529

Vulnerability from fkie_nvd

Published

2023-02-14 04:15

Modified

2024-11-21 07:48

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cna@sap.com	https://launchpad.support.sap.com/#/notes/3282663	Permissions Required, Vendor Advisory
cna@sap.com	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/3282663	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	netweaver_as_abap_business_server_pages	7.00
sap	netweaver_as_abap_business_server_pages	7.01
sap	netweaver_as_abap_business_server_pages	7.02
sap	netweaver_as_abap_business_server_pages	7.31
sap	netweaver_as_abap_business_server_pages	7.40
sap	netweaver_as_abap_business_server_pages	7.50
sap	netweaver_as_abap_business_server_pages	7.51
sap	netweaver_as_abap_business_server_pages	7.52
sap	netweaver_as_abap_business_server_pages	75c
sap	netweaver_as_abap_business_server_pages	75d
sap	netweaver_as_abap_business_server_pages	75e
sap	netweaver_as_abap_business_server_pages	75f
sap	netweaver_as_abap_business_server_pages	75g
sap	netweaver_as_abap_business_server_pages	75h

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E6E948A-59A4-460A-8369-68E9A94CA4EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2AC049-E6B5-4954-875A-7E66F2CEFEDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1097BE81-D7C7-4288-82A8-F5FA0EB492E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4AA4EAF-ED70-4FEC-85B5-C8229EB5F600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F822C6B-3047-4EB1-9A85-EE10EA592DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "689471D5-2189-48AF-ACE9-41DA4B642B1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD618C71-34FF-414C-86DC-C43C5EEF5D20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E4BD107-F102-4859-9439-955F4DACE96F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75c:*:*:*:*:*:*:*",
              "matchCriteriaId": "63AE465A-45CC-4834-BEC0-589935EFCAD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75d:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAADF821-7088-4D5C-BB6D-2662880AC62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75e:*:*:*:*:*:*:*",
              "matchCriteriaId": "76E464A9-F2FD-4A91-8562-A33EBABD24E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D396DE3-DCE7-4CB1-B6AB-85F2A850C180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75g:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC3734C6-B13F-4BDA-8586-47C18FD1B26E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75h:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3975983-9499-49E2-8A1E-F1F9B2B5A792",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\n\n"
    }
  ],
  "id": "CVE-2023-24529",
  "lastModified": "2024-11-21T07:48:03.890",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "cna@sap.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-14T04:15:12.977",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/3282663"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/3282663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cna@sap.com",
      "type": "Primary"
    }
  ]
}

gsd-2023-24529

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-24529

Aliases

CVE-2023-24529

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-24529",
    "id": "GSD-2023-24529"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-24529"
      ],
      "details": "Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\n\n",
      "id": "GSD-2023-24529",
      "modified": "2023-12-13T01:20:57.666093Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2023-24529",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "NetWeaver AS ABAP (Business Server Pages application)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "700"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "701"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "702"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "731"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "740"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "750"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "751"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "752"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "75C"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "75D"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "75E"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "75F"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "75G"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "75H"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://launchpad.support.sap.com/#/notes/3282663",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/3282663"
          },
          {
            "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
            "refsource": "MISC",
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2023-24529"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/3282663",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3282663"
            },
            {
              "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2023-04-11T22:15Z",
      "publishedDate": "2023-02-14T04:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-24529 (GCVE-0-2023-24529)

Vulnerability from cvelistv5

wid-sec-w-2023-0356

Vulnerability from csaf_certbund

ghsa-jcxw-8wmf-frrv

Vulnerability from github

fkie_cve-2023-24529

Vulnerability from fkie_nvd

gsd-2023-24529

Vulnerability from gsd

Tags

Sightings

Nomenclature