PT-2023-4099 · SAP · SAP Solution Manager

Published: 2023-07-11 · Updated: 2023-07-27 · CVE-2023-36921

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions

SAP Solution Manager (Diagnostics agent) version 7.20

Description

The issue is related to a lack of output encoding or escaping mechanism in the SAP Solution Manager (Diagnostics agent) platform. This can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability allows an attacker to tamper with headers in a client request, misleading the SAP Diagnostics Agent to serve poisoned content to the server, which can impact the confidentiality and availability of the application.

Recommendations

For SAP Solution Manager (Diagnostics agent) version 7.20, update the software to a version that includes a fix for the output encoding or escaping mechanism issue to prevent cross-site scripting (XSS) attacks.

Fix

Improper Encoding or Escaping of Output


Weakness Enumeration

Related identifiers

BDU:2023-04407
CVE-2023-36921

Affected products

SAP Solution Manager