Unrated severityNVD Advisory· Published Feb 14, 2023· Updated Mar 21, 2025
CVE-2023-23851
CVE-2023-23851
Description
SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system.
Affected products
2200, 300+ 1 more
- (no CPE)range: 200, 300
- (no CPE)range: 200
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.