Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-29109

Published: 11/04/2023 Updated: 18/04/2023
CVSS v3 Base Score: 4.6 | Impact Score: 2.5 | Exploitability Score: 2.1
VMScore: 0
Subscribe to Sap

Vulnerability Summary

The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sap abap platform 75c

sap abap platform 75d

sap abap platform 75e

sap basis 755

sap basis 756

sap s4core 101

sap application interface framework aifx_702

sap application interface framework aif_703

References

CWE-1236https://launchpad.support.sap.com/#/notes/3115598https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook