CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-36920

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.0%

CVSS Severity

CVSS v3 Score 6.1

References

https://launchpad.support.sap.com/#/notes/3326769
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3326769
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Products affected by CVE-2023-36920

Sap » Enable Now Enable Now Consump Del » Version: 1704

cpe:2.3:a:sap:enable_now_enable_now_consump_del:1704
Sap » Enable Now Wpb Manager » Version: 1.0

cpe:2.3:a:sap:enable_now_wpb_manager:1.0
Sap » Enable Now Wpb Manager Ce » Version: 10

cpe:2.3:a:sap:enable_now_wpb_manager_ce:10
Sap » Enable Now Wpb Manager Hana » Version: 10

cpe:2.3:a:sap:enable_now_wpb_manager_hana:10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-36920

Products

Pricing

Contact Us