Unrated severityNVD Advisory· Published Apr 11, 2023· Updated Feb 7, 2025
Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)
CVE-2023-29112
Description
The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.
Affected products
2>= 600, <= 700+ 1 more
- (no CPE)range: >= 600, <= 700
- (no CPE)range: 600
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.