CVE-2024-39594

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 55.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Business Warehouse - Business Planning AND Simulation SAP Business Warehouse SAP Business Warehouse Virtual Comp

Timeline

PublishedJul 9

Description

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5sap_se/sap_business_warehouse_-_business_planning_and_simulation16 versions+15

▶NVDsap/business_warehouse15 versions+14

▶NVDsap/business_warehouse_virtual_comp701

Patches

Patch: url.sap ↗Patch: url.sap ↗

🔴Vulnerability Details

CVEList

[CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation↗2024-07-09

▶

GHSA

GHSA-97w5-x582-9cr9: SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cros↗2024-07-09

▶