CVE-2023-49584: Client-Side Desynchronization vulnerability in SAP Fiori Launchpad
First published: Tue Dec 12 2023(Updated: )
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Fiori Launchpad | =200 | |
| SAP Fiori Launchpad | =700 | |
| SAP Fiori Launchpad | =750 | |
| SAP Fiori Launchpad | =754 | |
| SAP Fiori Launchpad | =755 | |
| SAP Fiori Launchpad | =756 | |
| SAP Fiori Launchpad | =757 | |
| SAP Fiori Launchpad | =758 | |
| SAP Fiori Launchpad | =793 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/mitre-cve
- collector/nvd-api
- vendor/sap
- canonical/sap fiori launchpad
- version/sap fiori launchpad/200
- version/sap fiori launchpad/700
- version/sap fiori launchpad/750
- version/sap fiori launchpad/754
- version/sap fiori launchpad/755
- version/sap fiori launchpad/756
- version/sap fiori launchpad/757
- version/sap fiori launchpad/758
- version/sap fiori launchpad/793