CVE-2023-29109

Name of the Vulnerable Software and Affected Versions SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP BASIS 755, 756, SAP ABA 75C, 75D, 75E

Description The application allows an Excel formula injection, enabling an authorized attacker to inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed, potentially causing limited impact on the confidentiality and integrity of the application.

Recommendations For versions AIF 703, AIFX 702, S4CORE 101, SAP BASIS 755, 756, SAP ABA 75C, 75D, 75E, consider disabling the Custom Hints List feature until a patch is available to prevent Excel formula injection. Restrict access to the Tooltip field to minimize the risk of exploitation. Avoid using the Custom Hints List feature in the affected application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.