CVE-2023-36920

Clickjacking vulnerability in SAP Enable Now

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-06-27 CVE Reserved
  • 2023-10-30 CVE Published
  • 2024-09-06 CVE Updated
  • 2024-11-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Sap | Enable Now Enable Now Consump Del | 1704 | - | Affected
Sap | Enable Now Wpb Manager | 1.0 | - | Affected
Sap | Enable Now Wpb Manager Ce | 10 | - | Affected
Sap | Enable Now Wpb Manager Hana | 10 | - | Affected