SAP Commerce Backoffice Unsecured User-Controlled Inputs Lead to Cross-Site Scripting (XSS) Vulnerability
CVE-2024-41735

5.4MEDIUM

Key Information:

Vendor

SAP
Status
SAP Commerce Backoffice
Vendor
CVE Published:
13 August 2024

What is CVE-2024-41735?

SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application.

Affected Version(s)

SAP Commerce Backoffice HY_COM 2205

References

https://me.sap.com/notes/3483256
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-41735 : SAP Commerce Backoffice Unsecured User-Controlled Inputs Lead to Cross-Site Scripting (XSS) Vulnerability