Description
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application.
Scores
CVSS v3
4.3
EPSS
0.0014
EPSS Percentile
34.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-444
Status
published
Products (9)
sap/fiori_launchpad
200
sap/fiori_launchpad
700
sap/fiori_launchpad
750
sap/fiori_launchpad
754
sap/fiori_launchpad
755
sap/fiori_launchpad
756
sap/fiori_launchpad
757
sap/fiori_launchpad
758
sap/fiori_launchpad
793
Published
Dec 12, 2023
Tracked Since
Feb 18, 2026