CVE-2023-49577: Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution)
First published: Tue Dec 12 2023(Updated: )
The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Human Capital Management | =s4hcmcie_100 | |
| Sap Human Capital Management | =sap_hrcie_600 | |
| Sap Human Capital Management | =sap_hrcie_604 | |
| Sap Human Capital Management | =sap_hrcie_608 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/mitre-cve
- collector/nvd-api
- vendor/sap
- canonical/sap human capital management
- version/sap human capital management/s4hcmcie_100
- version/sap human capital management/sap_hrcie_600
- version/sap human capital management/sap_hrcie_604
- version/sap human capital management/sap_hrcie_608