CVE-2024-39595

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 57.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Business Warehouse - Business Planning AND Simulation SAP Business Warehouse SAP Business Warehouse Virtual Comp

Timeline

PublishedJul 9

Description

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause low impact to the confidentiality and integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5sap_se/sap_business_warehouse_-_business_planning_and_simulation16 versions+15

▶NVDsap/business_warehouse15 versions+14

▶NVDsap/business_warehouse_virtual_comp701

Patches

Patch: url.sap ↗Patch: url.sap ↗

🔴Vulnerability Details

CVEList

[CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation↗2024-07-09

▶

GHSA

GHSA-v493-vq34-28gv: SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-S↗2024-07-09

▶