Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for business_warehouse_virtual_comp by sap

    CVE-2024-39595 (GCVE-0-2024-39595)

    Vulnerability from nvd – Published: 2024-07-09 04:13 – Updated: 2024-08-02 04:26
    VLAI
    Title
    [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation
    Summary
    SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause low impact to the confidentiality and integrity of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Business Warehouse - Business Planning and Simulation Affected: SAP_BW 700
    Affected: SAP_BW 701
    Affected: SAP_BW 702
    Affected: SAP_BW 730
    Affected: SAP_BW 731
    Affected: SAP_BW 740
    Affected: SAP_BW 750
    Affected: SAP_BW 751
    Affected: SAP_BW 752
    Affected: SAP_BW 753
    Affected: SAP_BW 754
    Affected: SAP_BW 755
    Affected: SAP_BW 756
    Affected: SAP_BW 757
    Affected: SAP_BW 758
    Affected: SAP_BW_VIRTUAL_COMP 701
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39595",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T14:53:52.958466Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T14:54:14.485Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:26:16.023Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3482217"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Business Warehouse - Business Planning and Simulation",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BW 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 730"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW_VIRTUAL_COMP 701"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user-controlled inputs,\nresulting in Stored Cross-Site Scripting (XSS) vulnerability. This\nvulnerability allows users to modify website content and on successful\nexploitation, an attacker can cause low impact to the confidentiality and\nintegrity of the application.\n\n\n\n"
                }
              ],
              "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user-controlled inputs,\nresulting in Stored Cross-Site Scripting (XSS) vulnerability. This\nvulnerability allows users to modify website content and on successful\nexploitation, an attacker can cause low impact to the confidentiality and\nintegrity of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T04:13:49.560Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3482217"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-39595",
        "datePublished": "2024-07-09T04:13:49.560Z",
        "dateReserved": "2024-06-26T09:58:24.095Z",
        "dateUpdated": "2024-08-02T04:26:16.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39594 (GCVE-0-2024-39594)

    Vulnerability from nvd – Published: 2024-07-09 04:10 – Updated: 2024-08-02 04:26
    VLAI
    Title
    [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation
    Summary
    SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Business Warehouse - Business Planning and Simulation Affected: SAP_BW 700
    Affected: SAP_BW 701
    Affected: SAP_BW 702
    Affected: SAP_BW 730
    Affected: SAP_BW 731
    Affected: SAP_BW 740
    Affected: SAP_BW 750
    Affected: SAP_BW 751
    Affected: SAP_BW 752
    Affected: SAP_BW 753
    Affected: SAP_BW 754
    Affected: SAP_BW 755
    Affected: SAP_BW 756
    Affected: SAP_BW 757
    Affected: SAP_BW 758
    Affected: SAP_BW_VIRTUAL_COMP 701
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39594",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-15T20:21:45.839128Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-15T20:21:58.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:26:16.083Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3482217"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Business Warehouse - Business Planning and Simulation",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BW 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 730"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW_VIRTUAL_COMP 701"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user controlled inputs,\nresulting in Reflected Cross-Site Scripting (XSS) vulnerability. After\nsuccessful exploitation, an attacker can cause low impact on the confidentiality\nand integrity of the application.\n\n\n\n"
                }
              ],
              "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user controlled inputs,\nresulting in Reflected Cross-Site Scripting (XSS) vulnerability. After\nsuccessful exploitation, an attacker can cause low impact on the confidentiality\nand integrity of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T04:10:40.727Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3482217"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-39594",
        "datePublished": "2024-07-09T04:10:40.727Z",
        "dateReserved": "2024-06-26T09:58:24.095Z",
        "dateUpdated": "2024-08-02T04:26:16.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39595 (GCVE-0-2024-39595)

    Vulnerability from cvelistv5 – Published: 2024-07-09 04:13 – Updated: 2024-08-02 04:26
    VLAI
    Title
    [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation
    Summary
    SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause low impact to the confidentiality and integrity of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Business Warehouse - Business Planning and Simulation Affected: SAP_BW 700
    Affected: SAP_BW 701
    Affected: SAP_BW 702
    Affected: SAP_BW 730
    Affected: SAP_BW 731
    Affected: SAP_BW 740
    Affected: SAP_BW 750
    Affected: SAP_BW 751
    Affected: SAP_BW 752
    Affected: SAP_BW 753
    Affected: SAP_BW 754
    Affected: SAP_BW 755
    Affected: SAP_BW 756
    Affected: SAP_BW 757
    Affected: SAP_BW 758
    Affected: SAP_BW_VIRTUAL_COMP 701
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39595",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T14:53:52.958466Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T14:54:14.485Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:26:16.023Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3482217"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Business Warehouse - Business Planning and Simulation",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BW 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 730"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW_VIRTUAL_COMP 701"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user-controlled inputs,\nresulting in Stored Cross-Site Scripting (XSS) vulnerability. This\nvulnerability allows users to modify website content and on successful\nexploitation, an attacker can cause low impact to the confidentiality and\nintegrity of the application.\n\n\n\n"
                }
              ],
              "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user-controlled inputs,\nresulting in Stored Cross-Site Scripting (XSS) vulnerability. This\nvulnerability allows users to modify website content and on successful\nexploitation, an attacker can cause low impact to the confidentiality and\nintegrity of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T04:13:49.560Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3482217"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-39595",
        "datePublished": "2024-07-09T04:13:49.560Z",
        "dateReserved": "2024-06-26T09:58:24.095Z",
        "dateUpdated": "2024-08-02T04:26:16.023Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39594 (GCVE-0-2024-39594)

    Vulnerability from cvelistv5 – Published: 2024-07-09 04:10 – Updated: 2024-08-02 04:26
    VLAI
    Title
    [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation
    Summary
    SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Business Warehouse - Business Planning and Simulation Affected: SAP_BW 700
    Affected: SAP_BW 701
    Affected: SAP_BW 702
    Affected: SAP_BW 730
    Affected: SAP_BW 731
    Affected: SAP_BW 740
    Affected: SAP_BW 750
    Affected: SAP_BW 751
    Affected: SAP_BW 752
    Affected: SAP_BW 753
    Affected: SAP_BW 754
    Affected: SAP_BW 755
    Affected: SAP_BW 756
    Affected: SAP_BW 757
    Affected: SAP_BW 758
    Affected: SAP_BW_VIRTUAL_COMP 701
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39594",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-15T20:21:45.839128Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-15T20:21:58.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:26:16.083Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3482217"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Business Warehouse - Business Planning and Simulation",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BW 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 730"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW_VIRTUAL_COMP 701"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user controlled inputs,\nresulting in Reflected Cross-Site Scripting (XSS) vulnerability. After\nsuccessful exploitation, an attacker can cause low impact on the confidentiality\nand integrity of the application.\n\n\n\n"
                }
              ],
              "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user controlled inputs,\nresulting in Reflected Cross-Site Scripting (XSS) vulnerability. After\nsuccessful exploitation, an attacker can cause low impact on the confidentiality\nand integrity of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T04:10:40.727Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3482217"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-39594",
        "datePublished": "2024-07-09T04:10:40.727Z",
        "dateReserved": "2024-06-26T09:58:24.095Z",
        "dateUpdated": "2024-08-02T04:26:16.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }