CVE-2024-30215

The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited.
Configurations

No configuration.

History

21 Nov 2024, 09:11

Type Values Removed Values Added
References () https://me.sap.com/notes/3421453 - () https://me.sap.com/notes/3421453 -
References () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 - () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 -

09 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) La página Resource Settings permite a un atacante con altos privilegios cargar un payload explotable para almacenarlo y reflejarlo cada vez que un usuario visita la página. En un ataque exitoso, se podría obtener y/o modificar cierta información. Sin embargo, el atacante no tiene control sobre qué información obtiene, o la cantidad o tipo de pérdida es limitada.

09 Apr 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-09 01:15

Updated : 2024-11-21 09:11


NVD link : CVE-2024-30215

Mitre link : CVE-2024-30215

CVE.ORG link : CVE-2024-30215


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')