Vulnerabilities > CVE-2023-49577 - Unspecified vulnerability in SAP Human Capital Management

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2023-12-12

Updated: 2024-11-21

Summary

The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Human Capital Management S4Hcmcie_100 SAP Human Capital Management Sap_Hrcie_600 SAP Human Capital Management Sap_Hrcie_604 SAP Human Capital Management Sap_Hrcie_608	4

References

https://me.sap.com/notes/3217087
https://me.sap.com/notes/3217087
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html