PT-2023-22947 · Sap · Sapui5

Published 2023-05-09 · Updated 2023-06-15 · CVE-2023-30743

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

SAPUI5: SAP UI 750, SAP UI 754, SAP UI 755, SAP UI 756, SAP UI 757, UI 700 200

Description

The issue arises from improper neutralization of input in SAPUI5, which allows untrusted CSS to be injected through the sap.m.FormattedText control. Injected CSS can block user interaction with the application. Additionally, because the application does not validate URLs, an attacker could read or modify user information through a phishing attack.

Recommendations

For SAPUI5 versions SAP UI 750, SAP UI 754, SAP UI 755, SAP UI 756, SAP UI 757 and UI 700 200, consider disabling the sap.m.FormattedText control until a patch is available, to prevent the injection of untrusted CSS. Restrict access to the vulnerable control to minimize the risk of exploitation. Avoid using sap.m.FormattedText in applications where URL validation is not properly implemented until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
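As an added illustration of the two recommendations above (this is example code, not SAP's or SAPUI5's own), the following pre-check rejects input that carries CSS or non-http(s) URLs before an application hands it to a sap.m.FormattedText control. The reject-and-log policy, the scheme allowlist and the base URL are assumptions; the check is deliberately conservative and does not replace the vendor fix.

```javascript
// Added example, not SAP code: a pre-check that an application can run on
// untrusted input before handing it to a sap.m.FormattedText control.
// Policy assumed here: reject (and log) rather than try to clean the input.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]); // assumed allowlist

// Accepts only http(s) URLs. Relative URLs resolve against a constructed base;
// the parser strips embedded tabs/newlines, so "java\nscript:" is still caught.
function isSafeUrl(candidate) {
  try {
    const parsed = new URL(String(candidate).trim(), "https://app.example.invalid/");
    return ALLOWED_SCHEMES.has(parsed.protocol);
  } catch (e) {
    return false; // unparseable -> reject
  }
}

// Decode numeric character references so "&#106;avascript:" is seen as written.
function decodeNumericEntities(s) {
  const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : "\uFFFD");
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)));
}

// Ways CSS can ride along inside the HTML text given to the control.
// Conservative on purpose: a plain-text "style =" is also rejected.
const CSS_CARRIERS = [
  /<\s*style\b/i, // <style> blocks
  /\bstyle\s*=/i, // inline style attributes
  /<\s*link\b/i, // <link rel="stylesheet">
  /@import\b/i, // imported stylesheets inside any CSS
];
// Attributes that carry URLs; quoted or bare values.
const URL_ATTR = /\b(href|src|background)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

// Returns { ok, findings } so callers can block the render and log the reason.
function checkHtmlText(htmlText) {
  const text = decodeNumericEntities(String(htmlText));
  const findings = [];
  for (const re of CSS_CARRIERS) {
    if (re.test(text)) findings.push(`css-carrier:${re.source}`);
  }
  for (const m of text.matchAll(URL_ATTR)) {
    const value = m[2] ?? m[3] ?? m[4];
    if (!isSafeUrl(value)) findings.push(`unsafe-url:${m[1]}=${value}`);
  }
  return { ok: findings.length === 0, findings };
}
```

Call checkHtmlText on the untrusted string and only pass it to the control when ok is true; the findings array gives the log line for the rejected case.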

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-30743

Affected Products: Sapui5