What is the vulnerability ID for this SAP S/4HANA vulnerability?

The vulnerability ID for this SAP S/4HANA vulnerability is CVE-2023-41369.

What is the severity of CVE-2023-41369?

The severity of CVE-2023-41369 is medium, with a severity value of 4.3.

Which versions of SAP S/4HANA are affected by CVE-2023-41369?

The versions 100, 101, 102, 103, 104, 105, 106, 107, and 108 of SAP S/4HANA are affected by CVE-2023-41369.

What is the impact of CVE-2023-41369?

CVE-2023-41369 allows an attacker to upload an XML file as an attachment in the Create Single Payment application of SAP S/4HANA, which can cause entity loops to slow down.

Are there any fixes or patches available for CVE-2023-41369?

The SAP Note 3369680 provides information regarding fixes or patches for CVE-2023-41369.

Vulnerability/
CVE-2023-41369

medium

4.3

CWE

611

12/9/2023

25/9/2024

CVE-2023-41369: External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application)

First published: Tue Sep 12 2023(Updated: )

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.

Credit: cna@sap.com cna@sap.com

Affected Software	Affected Version	How to fix
Sap S\/4 Hana	=100
Sap S\/4 Hana	=101
Sap S\/4 Hana	=102
Sap S\/4 Hana	=103
Sap S\/4 Hana	=104
Sap S\/4 Hana	=105
Sap S\/4 Hana	=106
Sap S\/4 Hana	=107
Sap S\/4 Hana	=108

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this SAP S/4HANA vulnerability?
The vulnerability ID for this SAP S/4HANA vulnerability is CVE-2023-41369.
What is the severity of CVE-2023-41369?
The severity of CVE-2023-41369 is medium, with a severity value of 4.3.
Which versions of SAP S/4HANA are affected by CVE-2023-41369?
The versions 100, 101, 102, 103, 104, 105, 106, 107, and 108 of SAP S/4HANA are affected by CVE-2023-41369.
What is the impact of CVE-2023-41369?
CVE-2023-41369 allows an attacker to upload an XML file as an attachment in the Create Single Payment application of SAP S/4HANA, which can cause entity loops to slow down.
Are there any fixes or patches available for CVE-2023-41369?
The SAP Note 3369680 provides information regarding fixes or patches for CVE-2023-41369.

collector/nvd-api
collector/nvd-index
agent/references
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/title
agent/severity
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/sap
canonical/sap s\/4 hana
version/sap s\/4 hana/100
version/sap s\/4 hana/101
version/sap s\/4 hana/102
version/sap s\/4 hana/103
version/sap s\/4 hana/104
version/sap s\/4 hana/105
version/sap s\/4 hana/106
version/sap s\/4 hana/107
version/sap s\/4 hana/108

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.