Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution)
CVE-2023-49577
6.1 MEDIUM
Summary
SAP HCM (SMART PAYE solution), versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604 and SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on the confidentiality and integrity of the application.
Affected Version(s)
SAP HCM (SMART PAYE solution) S4HCMCIE 100
SAP HCM (SMART PAYE solution) SAP_HRCIE 600
SAP HCM (SMART PAYE solution) SAP_HRCIE 604
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved