CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-29109

The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.7%

CVSS Severity

CVSS v3 Score 4.4

References

Products affected by CVE-2023-29109

Sap » Abap Platform » Version: 75c

cpe:2.3:a:sap:abap_platform:75c
Sap » Abap Platform » Version: 75d

cpe:2.3:a:sap:abap_platform:75d
Sap » Abap Platform » Version: 75e

cpe:2.3:a:sap:abap_platform:75e
Sap » Application Interface Framework » Version: aif_703

cpe:2.3:a:sap:application_interface_framework:aif_703
Sap » Application Interface Framework » Version: aifx_702

cpe:2.3:a:sap:application_interface_framework:aifx_702
Sap » Basis » Version: 755

cpe:2.3:a:sap:basis:755
Sap » Basis » Version: 756

cpe:2.3:a:sap:basis:756
Sap » S4core » Version: 101

cpe:2.3:a:sap:s4core:101

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-29109

Products

Pricing

Contact Us