CVE-2024-39594

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application.
Configurations

No configuration.

History

21 Nov 2024, 09:28

Type Values Removed Values Added
References () https://me.sap.com/notes/3482217 - () https://me.sap.com/notes/3482217 -
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday -

09 Jul 2024, 18:19

Type Values Removed Values Added
Summary
  • (es) SAP Business Warehouse: la aplicación de simulación y planificación empresarial no codifica suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross Site Scripting reflejado (XSS). Después de una explotación exitosa, un atacante puede causar un impacto reducido en la confidencialidad y la integridad de la aplicación.

09 Jul 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 05:15

Updated : 2024-11-21 09:28


NVD link : CVE-2024-39594

Mitre link : CVE-2024-39594

CVE.ORG link : CVE-2024-39594


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')