CVE-2024-30214 Information

Description

The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations which are reflected in the server response. Under certain circumstances if the parameter contains a JavaScript the script could be processed on client side.

Reference

https://me.sap.com/notes/3421453 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364