CVE-2023-36920

Name of the Vulnerable Software and Affected Versions SAP Enable Now versions WPB MANAGER 1.0, WPB MANAGER CE 10, WPB MANAGER HANA 10, ENABLE NOW CONSUMP DEL 1704

Description The issue is related to the absence of the X-FRAME-OPTIONS response header in SAP Enable Now, allowing an unauthenticated attacker to attempt clickjacking. This could result in the disclosure or modification of information.

Recommendations For SAP Enable Now versions WPB MANAGER 1.0, WPB MANAGER CE 10, WPB MANAGER HANA 10, ENABLE NOW CONSUMP DEL 1704, consider implementing the X-FRAME-OPTIONS response header to prevent clickjacking attacks. As a temporary workaround, consider restricting access to sensitive information and implementing additional security measures to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.