Cross-Site Scripting Vulnerability in SAP Solution Manager
CVE-2023-0024

6.5MEDIUM

Key Information:

Vendor: SAP
Status: Solution Manager (bsp Application)
Vendor: CVE Published:; 14 February 2023

Summary

A vulnerability in SAP Solution Manager's BSP application allows authenticated attackers to craft malicious links which, when clicked by unsuspecting users, can lead to the unauthorized reading or modification of sensitive information. This can also facilitate the delivery of payloads that restrict access to essential resources, significantly affecting the security and integrity of the system.

Affected Version(s)

Solution Manager (BSP Application) 720

References

https://launchpad.support.sap.com/#/notes/3265846

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Dec 22, 2022