SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 14 Nov 2024 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Sap
Sap commerce Backoffice
CPEs cpe:2.3:a:sap:commerce_backoffice:2205:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_backoffice:2211:*:*:*:*:*:*:*
Vendors & Products Sap
Sap commerce Backoffice

Tue, 08 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Sap Se
Sap Se sap Commerce Backoffice
CPEs cpe:2.3:a:sap_se:sap_commerce_backoffice:*:*:*:*:*:*:*:*
Vendors & Products Sap Se
Sap Se sap Commerce Backoffice
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 08 Oct 2024 03:30:00 +0000

Type Values Removed Values Added
Description SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
Title Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2024-10-08T13:57:27.631Z

Reserved: 2024-08-26T10:39:20.931Z

Link: CVE-2024-45278

cve-icon Vulnrichment

Updated: 2024-10-08T13:57:15.676Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-08T04:15:08.400

Modified: 2024-11-14T17:17:12.640

Link: CVE-2024-45278

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.