SAP Business Connector Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in SAP Business Connector. This issue allows an unauthenticated attacker to create a malicious link and make it publicly available. If an authenticated user clicks on this link, the injected content is executed in the user's browser context. This could enable the attacker to access or alter information within the user's browser scope, thereby compromising confidentiality and integrity, while leaving availability unaffected.

Impact

Exploitation of this vulnerability could lead to reflected cross-site scripting, allowing attackers to execute malicious scripts in the context of the victim's browser.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, particularly on the SAP Security Patch Day.