CVE-2023-41369 Information
Sep 16, 2023
cve
Description
The Create Single Payment application of SAP S/4HANA - versions 100 101 102 103 104 105 106 107 108 allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section the file gets opened in the browser to cause the entity loops to slow down the browser.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Reference
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html https://me.sap.com/notes/3369680
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
LOW
Base Severity
4.3
Share on: