6.1
CVE-2024-39594
- EPSS 0.17%
- Veröffentlicht 09.07.2024 05:15:12
- Zuletzt bearbeitet 29.10.2025 14:39:47
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Business Warehouse Version700
SAP ≫ Business Warehouse Version701
SAP ≫ Business Warehouse Version702
SAP ≫ Business Warehouse Version730
SAP ≫ Business Warehouse Version731
SAP ≫ Business Warehouse Version740
SAP ≫ Business Warehouse Version750
SAP ≫ Business Warehouse Version751
SAP ≫ Business Warehouse Version752
SAP ≫ Business Warehouse Version753
SAP ≫ Business Warehouse Version754
SAP ≫ Business Warehouse Version755
SAP ≫ Business Warehouse Version756
SAP ≫ Business Warehouse Version757
SAP ≫ Business Warehouse Version758
SAP ≫ Business Warehouse Virtual Comp Version701
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.383 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@sap.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.