SAP Data Services Management Console Cross-Site Scripting Vulnerability

A Cross-Site Scripting vulnerability has been identified in the SAP Data Services Management Console. This issue allows authenticated attackers to exploit the search functionality related to Data Quality job status reports. By intercepting requests, attackers can inject malicious scripts that are executed when a user accesses the affected page. The vulnerability has a limited impact on the confidentiality and integrity of user session information, while availability remains unaffected.

Impact

Exploitation of this vulnerability allows for Cross-Site Scripting, where injected scripts are executed in the context of the user's session.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, where all Security Notes are available. For guidance on accessing and applying SAP Security Notes, refer to the SAP Security Notes FAQs.