PT-2023-22158 · Sap · Sap Application Interface
Published 2023-04-11 · Updated 2023-04-18 · CVE-2023-29110
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP BASIS 755, 756, SAP ABA 75C, 75D, 75E
Description
The application allows the usage of HTML tags, enabling an authorized attacker to use basic HTML codes such as heading, basic formatting, and lists. This can lead to the injection of images from foreign domains. After successful exploitation, an attacker can cause limited impact on the confidentiality and integrity of the application.
Recommendations
For versions AIF 703, AIFX 702, S4CORE 100, 101, SAP BASIS 755, 756, SAP ABA 75C, 75D, 75E, consider disabling the usage of HTML tags in the application as a temporary workaround until a patch is available. Restrict access to the Message Dashboard to minimize the risk of exploitation. Avoid using the application's image injection feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Related identifiers
Affected products
Sap Application Interface