Lucene search

[email protected]NVD:CVE-2023-30743

HistoryMay 09, 2023 - 2:15 a.m.

CVE-2023-30743

2023-05-0902:15:12

CWE-79

[email protected]

web.nvd.nist.gov

sapui5

input neutralization

vulnerability

css injection

phishing attack

url validation

user information

sap_ui

750

754

755

756

757

ui_700 200

sap.m.formattedtext

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.5%

JSON

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.

Affected configurations

NVD

Node

sapsapui5Match700

sapsapui5Match750

sapsapui5Match754

sapsapui5Match755

sapsapui5Match756

sapsapui5Match757

References

launchpad.support.sap.com/#/notes/3326210

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.5%

JSON

Related for NVD:CVE-2023-30743

prion1 cve1 cvelist1