CVE-2023-37488 MEDIUM

CVE-2023-37488: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration

Vendor Sap_Se
Product SAP NetWeaver Process Integration
Weakness CWE-79 · XSS
Published August 8, 2023
Last update October 10, 2024

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

In SAP NetWeaver Process Integration, versions SAP_XIESR 7.50, SAP_XITOOL 7.50 and SAP_XIAF 7.50, user-controlled inputs that are not sufficiently encoded could result in a Cross-Site Scripting (XSS) attack. On successful exploitation, the attacker can cause limited impact on the confidentiality and integrity of the system.

Key dates

02 Disclosure timeline

August 8, 2023 CVE published
October 10, 2024 Record updated