CVE-2023-36918

Name of the Vulnerable Software and Affected Versions SAP Enable Now versions WPB MANAGER 1.0, WPB MANAGER CE 10, WPB MANAGER HANA 10, ENABLE NOW CONSUMP DEL 1704

Description The issue is related to the absence of the X-Content-Type-Options response header, which allows an unauthenticated attacker to trigger MIME type sniffing. This can lead to Cross-Site Scripting (XSS), potentially resulting in the disclosure or modification of information. The vulnerability can be exploited by a remote attacker to conduct XSS attacks.

Recommendations For SAP Enable Now versions WPB MANAGER 1.0, WPB MANAGER CE 10, WPB MANAGER HANA 10, ENABLE NOW CONSUMP DEL 1704, consider implementing the X-Content-Type-Options response header to prevent MIME type sniffing and mitigate the risk of Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.