CVE-2023-37488

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Process Integration versions SAP XIESR 7.50, SAP XITOOL 7.50, SAP XIAF 7.50

Description The issue is related to insufficient encoding of user-controlled inputs, which could result in a Cross-Site Scripting (XSS) attack. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the system.

Recommendations For SAP NetWeaver Process Integration versions SAP XIESR 7.50, SAP XITOOL 7.50, SAP XIAF 7.50, ensure that user-controlled inputs are sufficiently encoded to prevent Cross-Site Scripting (XSS) attacks. As a temporary workaround, consider implementing additional input validation and encoding mechanisms to minimize the risk of exploitation.