SAP Business Connector Cross-Site Scripting Vulnerability

A Cross-Site Scripting (XSS) vulnerability has been identified in SAP Business Connector. This issue allows an unauthenticated attacker to create a malicious link that, when clicked by an unsuspecting user, can redirect the user to a site controlled by the attacker. Successful exploitation of this vulnerability could enable the attacker to access or modify information related to the web client, thereby impacting confidentiality and integrity, without affecting availability.

Impact

Exploitation of this vulnerability could lead to Cross-Site Scripting, allowing attackers to inject malicious scripts that could be executed in the context of the user's browser.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, specifically on the SAP Security Patch Day.