5.4
CVE-2024-39595
- EPSS 0.16%
- Veröffentlicht 09.07.2024 05:15:12
- Zuletzt bearbeitet 28.10.2025 18:41:39
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause low impact to the confidentiality and integrity of the application.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Business Warehouse Version700
SAP ≫ Business Warehouse Version701
SAP ≫ Business Warehouse Version702
SAP ≫ Business Warehouse Version730
SAP ≫ Business Warehouse Version731
SAP ≫ Business Warehouse Version740
SAP ≫ Business Warehouse Version750
SAP ≫ Business Warehouse Version751
SAP ≫ Business Warehouse Version752
SAP ≫ Business Warehouse Version753
SAP ≫ Business Warehouse Version754
SAP ≫ Business Warehouse Version755
SAP ≫ Business Warehouse Version756
SAP ≫ Business Warehouse Version757
SAP ≫ Business Warehouse Version758
SAP ≫ Business Warehouse Virtual Comp Version701
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.368 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@sap.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.