VYPR
Medium severity 4.8 · NVD Advisory · Published Apr 9, 2024 · Updated Apr 15, 2026

CVE-2024-30215

Description

The Resource Settings page allows a high-privilege attacker to load an exploitable payload that is stored and reflected whenever a user visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stored XSS vulnerability in the SAP Resource Settings page allows high-privilege attackers to inject malicious scripts that execute when other users visit the page.

Vulnerability Details

The Resource Settings page in an unspecified SAP product contains a stored cross-site scripting (XSS) vulnerability [1]. A high-privilege attacker can inject a malicious payload that is stored and subsequently reflected whenever any user visits the affected page [1]. The root cause involves insufficient sanitization of user input that is later rendered in a web context.

Attack Vector and Prerequisites

The attacker must have high-level privileges (e.g., administrator or similar role) to access the Resource Settings page and inject the payload [1]. No user interaction beyond visiting the page is required for the stored script to execute. The attack does not require any special network position beyond normal application access.

Impact

If exploited, the attacker can obtain or modify some information displayed on the page, but the attacker does not control which specific data is affected, and the overall loss is limited [1]. The vulnerability is rated Medium severity with a CVSS v3 base score of 4.8.

Mitigation

SAP releases security patches on its monthly Security Patch Day [1]. Administrators should apply the latest security notes for their product version. No workarounds are documented in the available sources.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0. No patches discovered yet.

References: 2
