Описание
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.
Ссылки
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:7.50:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:7.51:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:7.52:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:7.54:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00267
Низкий
5.4 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.
EPSS
Процентиль: 50%
0.00267
Низкий
5.4 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79