CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-29112

The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.8%

CVSS Severity

CVSS v3 Score 3.7

References

https://launchpad.support.sap.com/#/notes/3114489
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3114489
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Products affected by CVE-2023-29112

Sap » Application Interface » Version: 600

cpe:2.3:a:sap:application_interface:600
Sap » Application Interface » Version: 700

cpe:2.3:a:sap:application_interface:700

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-29112

Products

Pricing

Contact Us