CVE-2023-41369

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:s\/4_hana:100:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:101:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:108:*:*:*:*:*:*:*

History

14 Sep 2023, 02:11

Type Values Removed Values Added
References (MISC) https://me.sap.com/notes/3369680 - (MISC) https://me.sap.com/notes/3369680 - Permissions Required
References (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
First Time Sap
Sap s\/4 Hana
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
CPE cpe:2.3:a:sap:s\/4_hana:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:108:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:101:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:100:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:103:*:*:*:*:*:*:*

12 Sep 2023, 11:52

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-12 02:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-41369

Mitre link : CVE-2023-41369

CVE.ORG link : CVE-2023-41369


JSON object : View

Products Affected

sap

  • s\/4_hana
CWE
CWE-611

Improper Restriction of XML External Entity Reference