CVE-2024-39594

EPSS 0.22%
Veröffentlicht 09.07.2024 05:15:12
Zuletzt bearbeitet 29.10.2025 14:39:47
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

[CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation

SAP Business Warehouse - Business Planning and
Simulation application does not sufficiently encode user controlled inputs,
resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After
successful exploitation, an attacker can cause low impact on the confidentiality
and integrity of the application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 16 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Business Warehouse Version700

SAP ≫ Business Warehouse Version701

SAP ≫ Business Warehouse Version702

SAP ≫ Business Warehouse Version730

SAP ≫ Business Warehouse Version731

SAP ≫ Business Warehouse Version740

SAP ≫ Business Warehouse Version750

SAP ≫ Business Warehouse Version751

SAP ≫ Business Warehouse Version752

SAP ≫ Business Warehouse Version753

SAP ≫ Business Warehouse Version754

SAP ≫ Business Warehouse Version755

SAP ≫ Business Warehouse Version756

SAP ≫ Business Warehouse Version757

SAP ≫ Business Warehouse Version758

SAP ≫ Business Warehouse Virtual Comp Version701

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.443

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://url.sap/sapsecuritypatchday

Patch

https://me.sap.com/notes/3482217

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-39594

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39594

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39594

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-39594