CVE-2024-47590

Summary

An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Web DispatcherWEBDISP 7.77affected
SAP_SESAP Web Dispatcher7.89affected
SAP_SESAP Web Dispatcher7.93affected
SAP_SESAP Web DispatcherKERNEL 7.77affected
SAP_SESAP Web Dispatcher9.12affected
SAP_SESAP Web Dispatcher9.13affected

Weaknesses

  • CWE-791: CWE-791: Incomplete Filtering of Special ElementCWE-918: Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References