CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-33991

SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.3%

CVSS Severity

CVSS v3 Score 8.2

References

https://launchpad.support.sap.com/#/notes/3324285
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3324285
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Products affected by CVE-2023-33991

Sap » Ui » Version: 700

cpe:2.3:a:sap:ui:700
Sap » Ui » Version: 750

cpe:2.3:a:sap:ui:750
Sap » Ui » Version: 754

cpe:2.3:a:sap:ui:754
Sap » Ui » Version: 755

cpe:2.3:a:sap:ui:755
Sap » Ui » Version: 756

cpe:2.3:a:sap:ui:756
Sap » Ui » Version: 757

cpe:2.3:a:sap:ui:757

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-33991

Products

Pricing

Contact Us