CVE-2023-0024: XSS
First published: Tue Feb 14 2023(Updated: )
SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Solution Manager | =720 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-0024?
The severity of CVE-2023-0024 is medium with a severity value of 5.4.
How does CVE-2023-0024 affect SAP Solution Manager?
CVE-2023-0024 affects SAP Solution Manager version 720.
What can an authenticated attacker do with CVE-2023-0024?
An authenticated attacker can craft a malicious link that, when clicked by an unsuspecting user, can be used to read or modify sensitive information or restrict access to desired resources.
How can I fix CVE-2023-0024?
To fix CVE-2023-0024, update SAP Solution Manager to a version that is not affected by this vulnerability.
Where can I find more information about CVE-2023-0024?
More information about CVE-2023-0024 can be found in the SAP support note [3265846](https://launchpad.support.sap.com/#/notes/3265846) and the SAP documentation [here](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).
- collector/nvd-index
- vendor/sap
- canonical/sap solution manager
- version/sap solution manager/720