fkie_cve-2024-45278
Vulnerability from fkie_nvd
Published
2024-10-08 04:15
Modified
2024-11-14 17:17
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
References
▶ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://me.sap.com/notes/3507545 | Permissions Required | |
cna@sap.com | https://url.sap/sapsecuritypatchday | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | commerce_backoffice | 2205 | |
sap | commerce_backoffice | 2211 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:commerce_backoffice:2205:*:*:*:*:*:*:*", "matchCriteriaId": "5F2AFF4D-0AEA-4A86-A9C8-DF4A4CE88C4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:commerce_backoffice:2211:*:*:*:*:*:*:*", "matchCriteriaId": "3F9EAF0D-6C5D-48BB-B0AB-8E72AE48EBDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application." }, { "lang": "es", "value": "SAP Commerce Backoffice no codifica lo suficiente las entradas controladas por el usuario, lo que genera una vulnerabilidad de tipo Cross-Site Scripting (XSS). Despu\u00e9s de una explotaci\u00f3n exitosa, un atacante puede causar un impacto limitado en la confidencialidad e integridad de la aplicaci\u00f3n." } ], "id": "CVE-2024-45278", "lastModified": "2024-11-14T17:17:12.640", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "cna@sap.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-10-08T04:15:08.400", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required" ], "url": "https://me.sap.com/notes/3507545" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://url.sap/sapsecuritypatchday" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "cna@sap.com", "type": "Primary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…