CVE-2024-39594

Summary

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 700affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 701affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 702affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 730affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 731affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 740affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 750affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 751affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 752affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 753affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 754affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 755affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 756affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 757affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 758affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW_VIRTUAL_COMP 701affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References