Action not permitted
Modal body text goes here.
cve-2023-23852
Vulnerability from cvelistv5
Published
2023-02-14 03:12
Modified
2024-08-02 10:42
Severity ?
EPSS score ?
Summary
SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3266751 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SAP | Solution Manager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:42:27.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3266751"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Solution Manager",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "720"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u003c/p\u003e"
}
],
"value": "SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T21:22:15.619Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3266751"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-23852",
"datePublished": "2023-02-14T03:12:23.399Z",
"dateReserved": "2023-01-19T00:05:29.415Z",
"dateUpdated": "2024-08-02T10:42:27.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-23852\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2023-02-14T04:15:11.353\",\"lastModified\":\"2023-04-11T22:15:07.753\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:solution_manager:720:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A90B8CED-4299-4FBA-B3A0-0688B855FB6E\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/3266751\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
gsd-2023-23852
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-23852",
"id": "GSD-2023-23852"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-23852"
],
"details": "SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\n\n",
"id": "GSD-2023-23852",
"modified": "2023-12-13T01:20:49.613694Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2023-23852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solution Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "720"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-79",
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/3266751",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3266751"
},
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:solution_manager:720:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2023-23852"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/3266751",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3266751"
},
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-04-11T22:15Z",
"publishedDate": "2023-02-14T04:15Z"
}
}
}
ghsa-gchr-6m8h-w7wh
Vulnerability from github
Published
2023-02-14 06:31
Modified
2023-02-21 21:30
Severity ?
Details
SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-23852"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-14T04:15:00Z",
"severity": "MODERATE"
},
"details": "SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",
"id": "GHSA-gchr-6m8h-w7wh",
"modified": "2023-02-21T21:30:19Z",
"published": "2023-02-14T06:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23852"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3266751"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
var-202302-1246
Vulnerability from variot
SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP Solution Manager is a system monitoring system of SAP, Germany, which can facilitate the monitoring of technology-related and application-related functions of enterprises. When the malicious data is viewed, sensitive information can be obtained or user sessions can be hijacked
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1246",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "solution manager",
"scope": "eq",
"trust": 2.4,
"vendor": "sap",
"version": "720"
},
{
"model": "solution manager",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-23331"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003548"
},
{
"db": "NVD",
"id": "CVE-2023-23852"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:solution_manager:720:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-23852"
}
]
},
"cve": "CVE-2023-23852",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-23331",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2023-003548",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-23852",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cna@sap.com",
"id": "CVE-2023-23852",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "OTHER",
"id": "JVNDB-2023-003548",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-23331",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1017",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-23331"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003548"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1017"
},
{
"db": "NVD",
"id": "CVE-2023-23852"
},
{
"db": "NVD",
"id": "CVE-2023-23852"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP Solution Manager is a system monitoring system of SAP, Germany, which can facilitate the monitoring of technology-related and application-related functions of enterprises. When the malicious data is viewed, sensitive information can be obtained or user sessions can be hijacked",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-23852"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003548"
},
{
"db": "CNVD",
"id": "CNVD-2024-23331"
},
{
"db": "VULMON",
"id": "CVE-2023-23852"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-23852",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003548",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-23331",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1017",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-23852",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-23331"
},
{
"db": "VULMON",
"id": "CVE-2023-23852"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003548"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1017"
},
{
"db": "NVD",
"id": "CVE-2023-23852"
}
]
},
"id": "VAR-202302-1246",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-23331"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-23331"
}
]
},
"last_update_date": "2024-05-21T23:11:03.652000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEBRUARY\u00a02023",
"trust": 0.8,
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"title": "Patch for SAP Solution Manager Cross-Site Scripting Vulnerability (CNVD-2024-23331)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/546561"
},
{
"title": "SAP Solution Manager Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=226334"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2023-23852 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-23331"
},
{
"db": "VULMON",
"id": "CVE-2023-23852"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003548"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1017"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003548"
},
{
"db": "NVD",
"id": "CVE-2023-23852"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://launchpad.support.sap.com/#/notes/3266751"
},
{
"trust": 1.7,
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23852"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-23852/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2023-23852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-23331"
},
{
"db": "VULMON",
"id": "CVE-2023-23852"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003548"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1017"
},
{
"db": "NVD",
"id": "CVE-2023-23852"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-23331"
},
{
"db": "VULMON",
"id": "CVE-2023-23852"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003548"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1017"
},
{
"db": "NVD",
"id": "CVE-2023-23852"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-23331"
},
{
"date": "2023-02-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-23852"
},
{
"date": "2023-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-003548"
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1017"
},
{
"date": "2023-02-14T04:15:11.353000",
"db": "NVD",
"id": "CVE-2023-23852"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-05-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-23331"
},
{
"date": "2023-02-14T00:00:00",
"db": "VULMON",
"id": "CVE-2023-23852"
},
{
"date": "2023-09-12T02:20:00",
"db": "JVNDB",
"id": "JVNDB-2023-003548"
},
{
"date": "2023-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1017"
},
{
"date": "2023-04-11T22:15:07.753000",
"db": "NVD",
"id": "CVE-2023-23852"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP\u00a0Solution\u00a0Manager\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003548"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1017"
}
],
"trust": 0.6
}
}
wid-sec-w-2023-0356
Vulnerability from csaf_certbund
Published
2023-02-13 23:00
Modified
2023-02-13 23:00
Summary
SAP Software: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um die Vertraulichkeit Integrität und die Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- MacOS X
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- MacOS X\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0356 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0356.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0356 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0356"
},
{
"category": "external",
"summary": "SAP Patchday Februar 2023 vom 2023-02-13",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=10"
}
],
"source_lang": "en-US",
"title": "SAP Software: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-02-13T23:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:14:00.979+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-0356",
"initial_release_date": "2023-02-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-02-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T016476",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-25614",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-25614"
},
{
"cve": "CVE-2023-24530",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-24530"
},
{
"cve": "CVE-2023-24529",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-24529"
},
{
"cve": "CVE-2023-24528",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-24528"
},
{
"cve": "CVE-2023-24525",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-24525"
},
{
"cve": "CVE-2023-24524",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-24524"
},
{
"cve": "CVE-2023-24523",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-24523"
},
{
"cve": "CVE-2023-24522",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-24522"
},
{
"cve": "CVE-2023-24521",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-24521"
},
{
"cve": "CVE-2023-23860",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-23860"
},
{
"cve": "CVE-2023-23859",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-23859"
},
{
"cve": "CVE-2023-23858",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-23858"
},
{
"cve": "CVE-2023-23856",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-23856"
},
{
"cve": "CVE-2023-23855",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-23855"
},
{
"cve": "CVE-2023-23854",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-23854"
},
{
"cve": "CVE-2023-23853",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-23853"
},
{
"cve": "CVE-2023-23852",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-23852"
},
{
"cve": "CVE-2023-23851",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-23851"
},
{
"cve": "CVE-2023-0025",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-0025"
},
{
"cve": "CVE-2023-0024",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-0024"
},
{
"cve": "CVE-2023-0020",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-0020"
},
{
"cve": "CVE-2023-0019",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-0019"
},
{
"cve": "CVE-2023-0013",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2023-0013"
},
{
"cve": "CVE-2022-41268",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2022-41268"
},
{
"cve": "CVE-2022-41264",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2022-41264"
},
{
"cve": "CVE-2022-41262",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen: SAP Business Client, SAP Host Agent Service, SAP BASIS, SAP BusinessObjects Business Intelligence platform, SAP Business Planning and Consolidation, SAP Solution Manager, SAP GRC Process Control application, SAP Fiori apps, SAP S/4 HANA, SAP NetWeaver AS for ABAP, SAP NetWeaver AS for Java und SAP CRM. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit Integrit\u00e4t und die Verf\u00fcgbarkeit zu gef\u00e4hrden. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-02-13T23:00:00Z",
"title": "CVE-2022-41262"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.