PT-2023-4257 · Sap · Sap Enable Now

Published 2023-05-24 · Updated 2023-07-18 · CVE-2023-33988

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAP Enable Now versions WPB MANAGER 1.0, WPB MANAGER CE 10, WPB MANAGER HANA 10, ENABLE NOW CONSUMP DEL 1704

Description

SAP Enable Now does not implement the Content-Security-Policy and X-XSS-Protection response headers, which allows an unauthenticated attacker to attempt reflected cross-site scripting. This could result in disclosure or modification of information. A remote attacker may exploit the vulnerability to conduct cross-site scripting attacks, potentially gaining read, modify, or delete access to data.

Recommendations

For SAP Enable Now versions WPB MANAGER 1.0, WPB MANAGER CE 10, WPB MANAGER HANA 10, ENABLE NOW CONSUMP DEL 1704, consider implementing the Content-Security-Policy and X-XSS-Protection response headers to mitigate the risk of reflected cross-site scripting attacks. As a temporary workaround, restrict access to sensitive data and functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
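
To confirm that the recommended headers are actually being sent, the following added example (not part of the advisory and not SAP code) audits a raw HTTP response for the two headers named above. The sample responses are constructed, and the check for a policy without `script-src` or `default-src` goes slightly beyond the advisory's presence check.

```python
# Added example: audit one raw HTTP response for the headers the advisory names.

def parse_headers(raw):
    """Map lower-cased header names to the list of all values sent."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def csp_restricts_scripts(policy):
    """True if the policy carries a directive that governs script loading."""
    names = {d.split()[0].lower() for d in policy.split(";") if d.strip()}
    return bool(names & {"script-src", "default-src"})

def audit(raw):
    """Return a list of findings; an empty list means both headers are in place."""
    h = parse_headers(raw)
    findings = []
    policies = h.get("content-security-policy", [])
    if not policies:
        findings.append("missing Content-Security-Policy")
    elif not any(csp_restricts_scripts(p) for p in policies):
        findings.append("Content-Security-Policy has no script-src or default-src")
    xss = h.get("x-xss-protection", [])
    if not xss:
        findings.append("missing X-XSS-Protection")
    elif xss[0].startswith("0"):
        findings.append("X-XSS-Protection is set to 0 (filter disabled)")
    return findings

# Constructed sample responses (not captured from a real SAP Enable Now host).
UNPROTECTED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
WEAK = ("HTTP/1.1 200 OK\r\nContent-Security-Policy: img-src *\r\n"
        "X-XSS-Protection: 0\r\n\r\n<html>")
HARDENED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "content-security-policy: default-src 'self'; object-src 'none'\r\n"
            "X-XSS-Protection: 1; mode=block\r\n\r\n<html>")

if __name__ == "__main__":
    for label, raw in (("unprotected", UNPROTECTED), ("weak", WEAK),
                       ("hardened", HARDENED)):
        print(label, audit(raw) or "ok")
```

Current Chromium and Firefox ignore X-XSS-Protection, so for those browsers the Content-Security-Policy result is the one that carries the mitigation.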

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-04572
CVE-2023-33988

Affected Products

Sap Enable Now