CVE-2023-29110

CVSS V2 None CVSS V3 None
Description
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.
Overview
  • CVE ID
  • CVE-2023-29110
  • Assigner
  • cna@sap.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-11T04:16:07
  • Last Modified Date
  • 2023-04-18T01:54:42
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CWE-80 http://cwe.mitre.org/data/definitions/80.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:sap:abap_platform:75c:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:sap:abap_platform:75d:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:sap:abap_platform:75e:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:sap:application_interface_framework:aif_703:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:sap:application_interface_framework:aifx_702:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:sap:basis:755:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:sap:basis:756:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:sap:s4core:100:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:sap:s4core:101:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://launchpad.support.sap.com/#/notes/3113349
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-29110
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29110
History
Created Old Value New Value Data Type Notes
2023-04-17 04:28:32 Added to TrackCVE
2023-04-17 04:28:34 Weakness Enumeration new
2023-04-17 12:00:37 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-18 02:00:29 2023-04-18T01:54:42 CVE Modified Date updated
2023-04-18 02:00:29 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-18 02:00:34 Weakness Enumeration update
2023-04-18 02:00:37 CPE Information updated