First published: Tue Apr 11 2023
The SAP Application Interface (Message Monitoring), versions 600 and 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment renders the links and custom CSS classes as HTML objects. After successful exploitation, an attacker can cause limited impact on the confidentiality and integrity of the application.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP Application Interface | =600 | |
SAP Application Interface | =700 | |
The vulnerability ID is CVE-2023-29112.
The title of the vulnerability is 'The SAP Application Interface (Message Monitoring) - versions 600, 700 allows an authorized attacker ...'
The severity of CVE-2023-29112 is medium with a severity value of 5.4.
The affected software for CVE-2023-29112 is the SAP Application Interface versions 600 and 700.
An attacker can exploit CVE-2023-29112 by inputting links or headings with custom CSS classes into a comment, causing limited impact.