CVE-2024-39594
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 700 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 701 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 702 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 730 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 731 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 740 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 750 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 751 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 752 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 753 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 754 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 755 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 756 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 757 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW 758 | affected |
| SAP_SE | SAP Business Warehouse - Business Planning and Simulation | SAP_BW_VIRTUAL_COMP 701 | affected |
Weaknesses
- CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.