CVE-2024-30214

The application allows a high-privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains JavaScript, the script could be processed on the client side.

Configurations

No configuration.

History

21 Nov 2024, 09:11

Type Values Removed Values Added
References () https://me.sap.com/notes/3421453 - () https://me.sap.com/notes/3421453 -
References () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 - () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 -

09 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) The application allows an attacker with elevated privileges to add a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains JavaScript, the script could be processed on the client side.

09 Apr 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-09 01:15

Updated : 2024-11-21 09:11


NVD link : CVE-2024-30214

Mitre link : CVE-2024-30214

CVE.ORG link : CVE-2024-30214



Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')