Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)
CVE-2023-29109

4.4MEDIUM

Key Information:

Vendor

SAP
Status
Application Interface Framework (message Dashboard)
Vendor
CVE Published:
11 April 2023

What is CVE-2023-29109?

The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Application Interface Framework (Message Dashboard) AIF 703

Application Interface Framework (Message Dashboard) AIFX 702

Application Interface Framework (Message Dashboard) S4CORE 101

References

https://launchpad.support.sap.com/#/notes/3115598
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.