CVE-2023-23851: Malicious File Upload
First published: Tue Feb 14 2023(Updated: )
SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Business Planning And Consolidation | =200 | |
| Sap Business Planning And Consolidation | =300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/event
- agent/weakness
- agent/tags
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap business planning and consolidation
- version/sap business planning and consolidation/200
- version/sap business planning and consolidation/300