CVE-2024-39595

MEDIUM

SAP Business Warehouse - Stored Cross-Site Scripting in Business Planning and Simulation

Title source: llm

Description

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause low impact to the confidentiality and integrity of the application.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3482217

Patch

https://url.sap/sapsecuritypatchday

Scores

CVSS v3 5.4

EPSS 0.0020

EPSS Percentile 42.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (16)

sap/business_warehouse 700

sap/business_warehouse 701

sap/business_warehouse 702

sap/business_warehouse 730

sap/business_warehouse 731

sap/business_warehouse 740

sap/business_warehouse 750

sap/business_warehouse 751

sap/business_warehouse 752

sap/business_warehouse 753

... and 6 more

Published Jul 09, 2024

Tracked Since Feb 18, 2026