CVE-2024-42378 Information

Description

Due to weak encoding of user-controlled inputs eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application potentially leading to a Reflected Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it can have some minor impact on its confidentiality and integrity.

Reference

https://me.sap.com/notes/3497347 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday