Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2024-39594

Disclosure Date: July 09, 2024 •

CVE-2024-39594

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

SAP Business Warehouse – Business Planning and
Simulation application does not sufficiently encode user controlled inputs,
resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After
successful exploitation, an attacker can cause low impact on the confidentiality
and integrity of the application.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

SAP Business Warehouse - Business Planning and Simulation SAP_BW 700

SAP Business Warehouse - Business Planning and Simulation SAP_BW 701

SAP Business Warehouse - Business Planning and Simulation SAP_BW 702

SAP Business Warehouse - Business Planning and Simulation SAP_BW 730

SAP Business Warehouse - Business Planning and Simulation SAP_BW 731

SAP Business Warehouse - Business Planning and Simulation SAP_BW 740

SAP Business Warehouse - Business Planning and Simulation SAP_BW 750

SAP Business Warehouse - Business Planning and Simulation SAP_BW 751

SAP Business Warehouse - Business Planning and Simulation SAP_BW 752

SAP Business Warehouse - Business Planning and Simulation SAP_BW 753

SAP Business Warehouse - Business Planning and Simulation SAP_BW 754

SAP Business Warehouse - Business Planning and Simulation SAP_BW 755

SAP Business Warehouse - Business Planning and Simulation SAP_BW 756

SAP Business Warehouse - Business Planning and Simulation SAP_BW 757

SAP Business Warehouse - Business Planning and Simulation SAP_BW 758

SAP Business Warehouse - Business Planning and Simulation SAP_BW_VIRTUAL_COMP 701

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

SAP_SE

Products

SAP Business Warehouse - Business Planning and Simulation

References

Canonical

CVE-2024-39594 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39594)

Miscellaneous

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3482217

Rapid7

Unknown

CVE-2024-39594

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-39594

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-39594

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-39594

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification