{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39594", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-06-26T09:58:24.095Z", "datePublished": "2024-07-09T04:10:40.727Z", "dateUpdated": "2024-08-02T04:26:16.083Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Business Warehouse - Business Planning and Simulation", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "SAP_BW 700"}, {"status": "affected", "version": "SAP_BW 701"}, {"status": "affected", "version": "SAP_BW 702"}, {"status": "affected", "version": "SAP_BW 730"}, {"status": "affected", "version": "SAP_BW 731"}, {"status": "affected", "version": "SAP_BW 740"}, {"status": "affected", "version": "SAP_BW 750"}, {"status": "affected", "version": "SAP_BW 751"}, {"status": "affected", "version": "SAP_BW 752"}, {"status": "affected", "version": "SAP_BW 753"}, {"status": "affected", "version": "SAP_BW 754"}, {"status": "affected", "version": "SAP_BW 755"}, {"status": "affected", "version": "SAP_BW 756"}, {"status": "affected", "version": "SAP_BW 757"}, {"status": "affected", "version": "SAP_BW 758"}, {"status": "affected", "version": "SAP_BW_VIRTUAL_COMP 701"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user controlled inputs,\nresulting in Reflected Cross-Site Scripting (XSS) vulnerability. After\nsuccessful exploitation, an attacker can cause low impact on the confidentiality\nand integrity of the application.\n\n\n\n"}], "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user controlled inputs,\nresulting in Reflected Cross-Site Scripting (XSS) vulnerability. After\nsuccessful exploitation, an attacker can cause low impact on the confidentiality\nand integrity of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-07-09T04:10:40.727Z"}, "references": [{"url": "https://url.sap/sapsecuritypatchday"}, {"url": "https://me.sap.com/notes/3482217"}], "source": {"discovery": "UNKNOWN"}, "title": "[CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-15T20:21:45.839128Z", "id": "CVE-2024-39594", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-15T20:21:58.159Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:16.083Z"}, "title": "CVE Program Container", "references": [{"url": "https://url.sap/sapsecuritypatchday", "tags": ["x_transferred"]}, {"url": "https://me.sap.com/notes/3482217", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39594", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-15T20:21:45.839128Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-15T20:21:54.508Z"}}], "cna": {"title": "[CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Business Warehouse - Business Planning and Simulation", "versions": [{"status": "affected", "version": "SAP_BW 700"}, {"status": "affected", "version": "SAP_BW 701"}, {"status": "affected", "version": "SAP_BW 702"}, {"status": "affected", "version": "SAP_BW 730"}, {"status": "affected", "version": "SAP_BW 731"}, {"status": "affected", "version": "SAP_BW 740"}, {"status": "affected", "version": "SAP_BW 750"}, {"status": "affected", "version": "SAP_BW 751"}, {"status": "affected", "version": "SAP_BW 752"}, {"status": "affected", "version": "SAP_BW 753"}, {"status": "affected", "version": "SAP_BW 754"}, {"status": "affected", "version": "SAP_BW 755"}, {"status": "affected", "version": "SAP_BW 756"}, {"status": "affected", "version": "SAP_BW 757"}, {"status": "affected", "version": "SAP_BW 758"}, {"status": "affected", "version": "SAP_BW_VIRTUAL_COMP 701"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://url.sap/sapsecuritypatchday"}, {"url": "https://me.sap.com/notes/3482217"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user controlled inputs,\nresulting in Reflected Cross-Site Scripting (XSS) vulnerability. After\nsuccessful exploitation, an attacker can cause low impact on the confidentiality\nand integrity of the application.", "supportingMedia": [{"type": "text/html", "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user controlled inputs,\nresulting in Reflected Cross-Site Scripting (XSS) vulnerability. After\nsuccessful exploitation, an attacker can cause low impact on the confidentiality\nand integrity of the application.\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-07-09T04:10:40.727Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39594", "state": "PUBLISHED", "dateUpdated": "2024-07-15T20:21:58.159Z", "dateReserved": "2024-06-26T09:58:24.095Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2024-07-09T04:10:40.727Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:business_warehouse:700:*:*:*:*:*:*:*", "matchCriteriaId": "D495F997-45A9-4C80-841E-781E1EAC3074", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:701:*:*:*:*:*:*:*", "matchCriteriaId": "2FCA6F5A-25B8-46E1-B407-38F61222C057", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:702:*:*:*:*:*:*:*", "matchCriteriaId": "3FE999EE-9B6B-4D2C-9347-5558B878AE7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:730:*:*:*:*:*:*:*", "matchCriteriaId": "EF8F2CE3-BA4B-4A9C-A284-87F0AB797B92", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:731:*:*:*:*:*:*:*", "matchCriteriaId": "00732AD2-BEED-4C1F-AC39-46E6F33CBB5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:740:*:*:*:*:*:*:*", "matchCriteriaId": "EC7DABAD-36FA-49D7-8C3C-3AA49604BE37", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:750:*:*:*:*:*:*:*", "matchCriteriaId": "526C11C6-B67D-49F1-94E6-A324AA581EDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:751:*:*:*:*:*:*:*", "matchCriteriaId": "4A4E38AC-5888-4ABD-AAB1-BC5312701195", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:752:*:*:*:*:*:*:*", "matchCriteriaId": "8D7A93A1-3D65-4C79-92B1-E433EE443478", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:753:*:*:*:*:*:*:*", "matchCriteriaId": "80E03381-893C-4646-9150-303AB4F6144B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:754:*:*:*:*:*:*:*", "matchCriteriaId": "1400B8E5-8400-420A-8581-9F3B07EF6BF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:755:*:*:*:*:*:*:*", "matchCriteriaId": "2ABE173B-C66E-4A69-9735-E325C0DAC062", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:756:*:*:*:*:*:*:*", "matchCriteriaId": "CEF64C99-2AEF-4942-90AC-053CE56293F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:757:*:*:*:*:*:*:*", "matchCriteriaId": "C8E527DF-7066-4869-A914-DD29979EE90D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse:758:*:*:*:*:*:*:*", "matchCriteriaId": "093021E9-112A-4828-AE86-8B32BCC9B8B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_warehouse_virtual_comp:701:*:*:*:*:*:*:*", "matchCriteriaId": "F10F39E6-41C6-46E7-855A-8D05055A8142", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user controlled inputs,\nresulting in Reflected Cross-Site Scripting (XSS) vulnerability. After\nsuccessful exploitation, an attacker can cause low impact on the confidentiality\nand integrity of the application."}, {"lang": "es", "value": "SAP Business Warehouse: la aplicaci\u00f3n de simulaci\u00f3n y planificaci\u00f3n empresarial no codifica suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross Site Scripting reflejado (XSS). Despu\u00e9s de una explotaci\u00f3n exitosa, un atacante puede causar un impacto reducido en la confidencialidad y la integridad de la aplicaci\u00f3n."}], "id": "CVE-2024-39594", "lastModified": "2025-10-29T14:39:47.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2024-07-09T05:15:12.300", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3482217"}, {"source": "cna@sap.com", "tags": ["Patch"], "url": "https://url.sap/sapsecuritypatchday"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3482217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@sap.com", "type": "Secondary"}]}

{}