CVE-2023-33991
Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management
Severity Score
8.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacker with user level access can cause high impact on confidentiality, modify some information and can cause unavailability of the application at user level.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-05-24 CVE Reserved
- 2023-06-13 CVE Published
- 2024-06-19 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-06-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Ui Search vendor "Sap" for product "Ui" | 700 Search vendor "Sap" for product "Ui" and version "700" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Ui Search vendor "Sap" for product "Ui" | 750 Search vendor "Sap" for product "Ui" and version "750" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Ui Search vendor "Sap" for product "Ui" | 754 Search vendor "Sap" for product "Ui" and version "754" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Ui Search vendor "Sap" for product "Ui" | 755 Search vendor "Sap" for product "Ui" and version "755" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Ui Search vendor "Sap" for product "Ui" | 756 Search vendor "Sap" for product "Ui" and version "756" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Ui Search vendor "Sap" for product "Ui" | 757 Search vendor "Sap" for product "Ui" and version "757" | - |
Affected
| ||||||