Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
0

CVE-2023-41369

Disclosure Date: September 12, 2023
CVE-2023-41369 CVSS v3 Base Score: 4.3
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
4.3 Medium
Impact Score:
1.4
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Low

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
SAP S/4HANA (Create Single Payment application) 100
SAP S/4HANA (Create Single Payment application) 101
SAP S/4HANA (Create Single Payment application) 102
SAP S/4HANA (Create Single Payment application) 103
SAP S/4HANA (Create Single Payment application) 104
SAP S/4HANA (Create Single Payment application) 105
SAP S/4HANA (Create Single Payment application) 106
SAP S/4HANA (Create Single Payment application) 107
SAP S/4HANA (Create Single Payment application) 108
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis