In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in disclosure or modification of information.
Metrics
Affected Vendors & Products
References
History
Mon, 21 Oct 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2023-07-11T02:26:57.068Z
Updated: 2024-10-21T21:10:43.834Z
Reserved: 2023-05-24T20:41:32.834Z
Link: CVE-2023-33988
Vulnrichment
Updated: 2024-08-02T15:54:14.157Z
NVD
Status : Analyzed
Published: 2023-07-11T03:15:09.523
Modified: 2023-07-18T18:28:55.847
Link: CVE-2023-33988
Redhat
No data.