CVE-2023-41369 LOW

CVE-2023-41369: External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application)

Vendor Sap_Se
Product SAP S/4HANA (Create Single Payment application)
Weakness CWE-611 · XXE
Published September 12, 2023
Last update September 25, 2024

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.

Key dates

02Disclosure timeline

September 12, 2023 CVE published
September 25, 2024 Record updated