CVE-2023-49577

Name of the Vulnerable Software and Affected Versions SAP HCM (SMART PAYE solution) versions S4HCMCIE 100, SAP HRCIE 600, SAP HRCIE 604, SAP HRCIE 608

Description The SAP HCM (SMART PAYE solution) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) issue. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.

Recommendations For versions S4HCMCIE 100, SAP HRCIE 600, SAP HRCIE 604, SAP HRCIE 608, consider implementing proper input encoding to prevent Cross-Site Scripting (XSS) attacks. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.