CVE-2024-33007

Summary

PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential security threat.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAPUI5 (PDFViewer)754affected
SAP_SESAPUI5 (PDFViewer)755affected
SAP_SESAPUI5 (PDFViewer)756affected
SAP_SESAPUI5 (PDFViewer)757affected
SAP_SESAPUI5 (PDFViewer)758affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References