CVE-2023-29109
Summary
| CVE | CVE-2023-29109 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-11 03:15:00 UTC |
| Updated | 2023-04-18 15:31:00 UTC |
| Description | The SAP Application Interface Framework (Message Dashboard) application, versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application. |
Risk And Classification
Problem Types: CWE-1236
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Abap Platform | 75c | All | All | All |
| Application | Sap | Abap Platform | 75d | All | All | All |
| Application | Sap | Abap Platform | 75e | All | All | All |
| Application | Sap | Application Interface Framework | aifx_702 | All | All | All |
| Application | Sap | Application Interface Framework | aif_703 | All | All | All |
| Application | Sap | Basis | 755 | All | All | All |
| Application | Sap | Basis | 756 | All | All | All |
| Application | Sap | S4core | 101 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.sap.com | MISC | www.sap.com | Vendor Advisory |
| launchpad.support.sap.com | MISC | launchpad.support.sap.com | Permissions Required |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |