CVE-2023-31407: XSS
First published: Tue May 09 2023(Updated: )
SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Business Planning And Consolidation | =740 | |
| Sap Business Planning And Consolidation | =750 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-31407?
CVE-2023-31407 is a vulnerability in SAP Business Planning and Consolidation versions 740 and 750 that allows an authorized attacker to upload a malicious file, resulting in a Cross-Site Scripting vulnerability.
What is the severity of CVE-2023-31407?
The severity of CVE-2023-31407 is medium with a CVSS score of 5.4.
How can an attacker exploit CVE-2023-31407?
An attacker can exploit CVE-2023-31407 by uploading a malicious file.
What is the impact of CVE-2023-31407?
The impact of CVE-2023-31407 is limited to the confidentiality and integrity of the affected SAP Business Planning and Consolidation application.
How can I fix CVE-2023-31407?
To fix CVE-2023-31407, it is recommended to apply the necessary patches provided by SAP to the affected versions of SAP Business Planning and Consolidation.
- collector/nvd-latest
- collector/nvd-index
- vendor/sap
- canonical/sap business planning and consolidation
- version/sap business planning and consolidation/740
- version/sap business planning and consolidation/750