SAP PDFViewer Vulnerability: Execution of Embedded JavaScript Can Cause Security Threats

CVE-2024-33007
3.5LOW

Key Information

Vendor
SAP
Status
SAPui5 (PDFviewer)
Vendor
CVE Published:
14 May 2024

Summary

PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential security threat.

Affected Version(s)

SAPUI5 (PDFViewer) = 754

SAPUI5 (PDFViewer) = 755

SAPUI5 (PDFViewer) = 756

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.