SAP Business Warehouse XSS Vulnerability Allows User-Controlled Modification of Website Content
CVE-2024-39595
5.4MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 9 July 2024
What is CVE-2024-39595?
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause low impact to the confidentiality and integrity of the application.
Affected Version(s)
SAP Business Warehouse - Business Planning and Simulation SAP_BW 700
SAP Business Warehouse - Business Planning and Simulation SAP_BW 701
SAP Business Warehouse - Business Planning and Simulation SAP_BW 702