CVE-2023-41369 – hana-ml

Package

Manager: pip
Name: hana-ml
Vulnerable Version: =1.0.8.post11 || =1.0.8.post2 || =1.0.8.post5 || =1.0.8.post8 || =2.10.21091803 || =2.11.21121103 || =2.11.22010700 || =2.11.22020900 || =2.12.22032503 || =2.12.22040801 || =2.12.22042500 || =2.12.22042800 || =2.13.22051101 || =2.13.22060800 || =2.13.22070101 || =2.13.22071500 || =2.13.22072200 || =2.14.22091801 || =2.14.22092300 || =2.14.22101400 || =2.14.22102800 || =2.14.22120100 || =2.14.22120800 || =2.15.22121601 || =2.15.22122300 || =2.15.23011100 || =2.15.23021701 || =2.16.23031601 || =2.16.23032300 || =2.16.23041300 || =2.16.23050800 || =2.16.23051900 || =2.16.23052600 || =2.16.23060100 || =2.17.23062200 || =2.17.23062800 || =2.17.23071400 || =2.17.23072700 || =2.17.23080800 || =2.18.23091401 || =2.5.20062605 || =2.5.20062608 || =2.5.20062609 || =2.6.20101606 || =2.6.20110600 || =2.6.20110601 || =2.6.20120900 || =2.6.21011300 || =2.6.21012600 || =2.8.21042100 || =2.9.21061902 || =2.9.21063001 || =2.9.21070902 || =2.9.21072600 || =2.18.23092700 || =2.18.23092701

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00109 pctl0.29915

Details

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.

Metadata

Created: 2023-09-12T02:15:00Z
Modified: 2023-11-08T04:13:25.974817Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F002
Auto approve: 1