PT-2023-22160 · SAP · SAP Application Interface

Published: 2023-04-11 · Updated: 2023-04-18 · CVE-2023-29112

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SAP Application Interface (Message Monitoring), versions 600 and 700
Description: An authenticated user of SAP Application Interface (Message Monitoring) can enter links or headings that carry custom CSS classes into a comment. The comment is rendered as HTML rather than as escaped text, so the attacker-supplied link targets and class values reach the browser of anyone who later views the comment as live markup. This is a stored cross-site scripting (XSS) condition: the CVSS vector matches that pattern, with low privileges required (PR:L), user interaction required (UI:R) because a victim must open the comment, and a scope change (S:C) because the injected markup executes in the victim's browser rather than in the attacker's own session. Successful exploitation has a limited impact on the confidentiality and integrity of the application; availability is not affected.
Recommendations: Apply the vendor fix for CVE-2023-29112 on versions 600 and 700 as soon as it is available for your release. Until it is applied, restrict the ability to attach custom CSS classes (and arbitrary link targets) to comments, or, as a temporary workaround, disable HTML rendering of comments altogether so that they are displayed as plain text. Independently of the patch, limit access to the comment feature in Message Monitoring to the personnel who need it, and review existing comments for injected markup, since stored XSS payloads remain active until the comment is removed.
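The following is an added example, not SAP code and not taken from the advisory. It models the flaw described above and the first recommendation: a comment renderer that interpolates user-supplied link targets, headings and CSS class names straight into HTML (the vulnerable pattern), beside a hardened renderer that escapes all text, restricts hrefs to http(s) or same-origin paths, and allows only an allow-list of class names. The comment model (a list of text, link and heading segments), the allow-listed class names, the function names and the attacker comment are all assumptions made for the example.

```javascript
// Added example (not SAP code). Comment model, class allow-list and
// function names are assumed for illustration.

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Vulnerable pattern: text, href and class values typed by the comment author
// are interpolated directly into markup. A class value such as
// `x" onmouseover="...` or an href of `javascript:...` becomes live HTML/JS
// for every user who opens the comment.
function renderCommentUnsafe(segments) {
  return segments.map((seg) => {
    switch (seg.type) {
      case "text":    return seg.value;
      case "link":    return `<a href="${seg.href}" class="${seg.cssClass || ""}">${seg.text}</a>`;
      case "heading": return `<h${seg.level} class="${seg.cssClass || ""}">${seg.text}</h${seg.level}>`;
      default:        return "";
    }
  }).join("");
}

// Hardened renderer: every text node and attribute value is HTML-escaped,
// hrefs are limited to http(s) or same-origin paths, heading levels are
// clamped to h1..h6, and only allow-listed class names survive.
const ALLOWED_CLASSES = new Set(["highlight", "warning", "note"]); // assumed allow-list

function safeHref(href) {
  const h = String(href || "").trim();
  if (/^https?:\/\//i.test(h)) return h;
  if (h.startsWith("/") && !h.startsWith("//")) return h; // same-origin path
  return "#"; // javascript:, data:, vbscript:, protocol-relative URLs are dropped
}

function safeClass(cssClass) {
  return String(cssClass || "")
    .split(/\s+/)
    .filter((c) => ALLOWED_CLASSES.has(c))
    .join(" ");
}

function renderCommentSafe(segments) {
  return segments.map((seg) => {
    switch (seg.type) {
      case "text":
        return escapeHtml(seg.value);
      case "link": {
        const cls = safeClass(seg.cssClass);
        const clsAttr = cls ? ` class="${cls}"` : "";
        return `<a href="${escapeHtml(safeHref(seg.href))}"${clsAttr} rel="noopener noreferrer">${escapeHtml(seg.text)}</a>`;
      }
      case "heading": {
        const level = Math.min(6, Math.max(1, Number(seg.level) || 1));
        const cls = safeClass(seg.cssClass);
        const clsAttr = cls ? ` class="${cls}"` : "";
        return `<h${level}${clsAttr}>${escapeHtml(seg.text)}</h${level}>`;
      }
      default:
        return "";
    }
  }).join("");
}

// Constructed attacker comment (sample input, not a real payload from the
// advisory): a link with a javascript: target and a class value that breaks
// out of its attribute, plus a heading whose text closes the tag early.
const ATTACKER_COMMENT = [
  { type: "text", value: "Reprocessed, see " },
  { type: "link", text: "log", href: "javascript:alert(document.cookie)",
    cssClass: 'highlight" onmouseover="alert(1)' },
  { type: "heading", level: 2, text: "done</h2><script>alert(2)</script>", cssClass: "note" },
];

// Crude detector used to compare the two renderers' output.
function containsActiveContent(html) {
  return /javascript:|onmouseover=|<script/i.test(html);
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe:", renderCommentUnsafe(ATTACKER_COMMENT));
  console.log("safe:  ", renderCommentSafe(ATTACKER_COMMENT));
}
```

The hardened renderer keeps the legitimate `note` class on the heading and the link text intact, while the attribute break-out, the `javascript:` target and the injected script tag all come out as inert text. The allow-list on class names is the point of the first recommendation: free-form class values are an attribute-injection surface even when the rest of the markup is escaped.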

Weakness type: XSS


Related Identifiers: CVE-2023-29112

Affected Products: SAP Application Interface