// For flags

CVE-2023-29110

Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)

Severity Score

5.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-03-31 CVE Reserved
  • 2023-04-11 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-11-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sap
Search vendor "Sap"
Abap Platform
Search vendor "Sap" for product "Abap Platform"
75c
Search vendor "Sap" for product "Abap Platform" and version "75c"
-
Affected
Sap
Search vendor "Sap"
Abap Platform
Search vendor "Sap" for product "Abap Platform"
75d
Search vendor "Sap" for product "Abap Platform" and version "75d"
-
Affected
Sap
Search vendor "Sap"
Abap Platform
Search vendor "Sap" for product "Abap Platform"
75e
Search vendor "Sap" for product "Abap Platform" and version "75e"
-
Affected
Sap
Search vendor "Sap"
Application Interface Framework
Search vendor "Sap" for product "Application Interface Framework"
aif_703
Search vendor "Sap" for product "Application Interface Framework" and version "aif_703"
-
Affected
Sap
Search vendor "Sap"
Application Interface Framework
Search vendor "Sap" for product "Application Interface Framework"
aifx_702
Search vendor "Sap" for product "Application Interface Framework" and version "aifx_702"
-
Affected
Sap
Search vendor "Sap"
Basis
Search vendor "Sap" for product "Basis"
755
Search vendor "Sap" for product "Basis" and version "755"
-
Affected
Sap
Search vendor "Sap"
Basis
Search vendor "Sap" for product "Basis"
756
Search vendor "Sap" for product "Basis" and version "756"
-
Affected
Sap
Search vendor "Sap"
S4core
Search vendor "Sap" for product "S4core"
100
Search vendor "Sap" for product "S4core" and version "100"
-
Affected
Sap
Search vendor "Sap"
S4core
Search vendor "Sap" for product "S4core"
101
Search vendor "Sap" for product "S4core" and version "101"
-
Affected