What is the vulnerability ID for this SAP Enable Now vulnerability?

The vulnerability ID for this SAP Enable Now vulnerability is CVE-2023-33988.

What is the severity of CVE-2023-33988?

The severity of CVE-2023-33988 is medium.

How does CVE-2023-33988 work?

CVE-2023-33988 allows an unauthenticated attacker to attempt reflected cross-site scripting by exploiting the lack of implementation of Content-Security-Policy and X-XSS-Protection response headers.

Are there any references available for CVE-2023-33988?

Yes, you can find references for CVE-2023-33988 at the following links: [Reference 1](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html), [Reference 2](https://me.sap.com/notes/3326769).

Vulnerability/
CVE-2023-33988

medium

6.1

CWE

11/7/2023

21/10/2024

CVE-2023-33988: Cross-Site Scripting vulnerability in SAP Enable Now

First published: Tue Jul 11 2023(Updated: )

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in disclosure or modification of information.

Credit: cna@sap.com cna@sap.com

Affected Software	Affected Version	How to fix
SAP Enable Now

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this SAP Enable Now vulnerability?
The vulnerability ID for this SAP Enable Now vulnerability is CVE-2023-33988.
What is the severity of CVE-2023-33988?
The severity of CVE-2023-33988 is medium.
What is the affected software for CVE-2023-33988?
The affected software for CVE-2023-33988 is SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704.
How does CVE-2023-33988 work?
CVE-2023-33988 allows an unauthenticated attacker to attempt reflected cross-site scripting by exploiting the lack of implementation of Content-Security-Policy and X-XSS-Protection response headers.
Are there any references available for CVE-2023-33988?
Yes, you can find references for CVE-2023-33988 at the following links: [Reference 1](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html), [Reference 2](https://me.sap.com/notes/3326769).

collector/nvd-latest
collector/nvd-index
agent/author
agent/references
agent/type
agent/softwarecombine
collector/nvd-api
agent/software-canonical-lookup-request
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/tags
agent/first-publish-date
agent/event
vendor/sap
canonical/sap enable now

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.