CVE-2024-39595

Summary

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause low impact to the confidentiality and integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 700affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 701affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 702affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 730affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 731affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 740affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 750affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 751affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 752affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 753affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 754affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 755affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 756affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 757affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW 758affected
SAP_SESAP Business Warehouse - Business Planning and SimulationSAP_BW_VIRTUAL_COMP 701affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References