PT-2023-27932 · SAP · SAP S/4HANA
Published 2023-09-11 · Updated 2023-09-14 · CVE-2023-41369
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
SAP S/4HANA versions 100 through 108
Description
The issue allows an attacker to upload an XML file as an attachment in the Create Single Payment application. When the XML file is clicked on in the attachment section, it opens in the browser and can cause entity loops, slowing down the browser.
Recommendations
For SAP S/4HANA versions 100 through 108, consider restricting the upload of XML files in the Create Single Payment application to prevent potential exploitation. As a temporary workaround, avoid clicking on XML files in the attachment section to minimize the risk of browser slowdown.
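One way to apply the upload restriction recommended above, as an added example that is not SAP code or part of the advisory: a generic server-side check that refuses XML attachments declaring a DTD or entities, using Python's standard expat bindings. The function names and sample documents are hypothetical and constructed for illustration.

```python
import xml.parsers.expat


class RejectedXml(Exception):
    """Raised when an uploaded XML attachment must not be stored."""


def check_xml_attachment(data: bytes) -> None:
    """Raise RejectedXml if the upload declares a DTD or any entity.

    The handlers fire when the declaration is read, before any entity
    reference in the body is expanded, so a looping or nested entity
    definition is refused without being evaluated.
    """
    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise RejectedXml(f"DOCTYPE declaration not allowed: {name}")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise RejectedXml(f"entity declaration not allowed: {name}")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedXml(f"not well-formed XML: {exc}") from exc


def is_acceptable(data: bytes) -> bool:
    """Boolean wrapper for use in an upload handler."""
    try:
        check_xml_attachment(data)
        return True
    except RejectedXml:
        return False


# Constructed samples, not taken from the advisory.
PLAIN = b"<payment><amount>10.00</amount></payment>"
NESTED_ENTITIES = (
    b'<!DOCTYPE p [<!ENTITY a "x"><!ENTITY b "&a;&a;">]>'
    b"<p>&b;</p>"
)

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("nested entities", NESTED_ENTITIES)):
        print(label, "->", "accept" if is_acceptable(sample) else "reject")
```

The check belongs at upload time on the server, so a rejected file never reaches the attachment list where a user could open it.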
Fix
XXE
Affected Products
SAP S/4HANA