CVE-2023-29112 LOW

CVE-2023-29112: Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)

Vendor Sap
Product Application Interface Framework (Message Monitoring)
Weakness CWE-80 · XSS · basic
Published April 11, 2023
Last update February 7, 2025

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.

Key dates

02Disclosure timeline

April 11, 2023 CVE published
February 7, 2025 Record updated

Related vulnerabilities

04Related CVE