Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management
CVE-2023-33991
8.2 HIGH
Summary
SAP UI5 Variant Management has a Stored Cross-Site Scripting vulnerability caused by inadequate encoding of user-controlled inputs when data is read from the server. Several versions are affected, and an attacker with user-level access can potentially exploit it. Successful exploitation can significantly compromise confidentiality, alter information, and may lead to service disruptions for users.
Affected Version(s)
SAP UI5 Variant Management SAP_UI 750
SAP UI5 Variant Management SAP_UI 754
SAP UI5 Variant Management SAP_UI 755
CVSS V3.1
Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved