CVE-2023-36918

CVSS V2 None CVSS V3 None
Description
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information.
Overview
  • CVE ID
  • CVE-2023-36918
  • Assigner
  • sap
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-07-11T02:49:54.837Z
  • Last Modified Date
  • 2023-07-11T02:49:54.837Z
History
Created Old Value New Value Data Type Notes
2024-06-25 16:24:53 Added to TrackCVE