CVE-2023-23851

MEDIUM Year: 2023
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system.

Related Vulnerabilities

CVE-2016-2914

MEDIUM
CVSS:5.4(Medium)

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specify...

CWE-4342016

CVE-2019-19493

MEDIUM
CVSS:5.4(Medium)

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

CWE-4342019

CVE-2019-6513

MEDIUM
CVSS:5.4(Medium)

An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.

CWE-4342019

CVE-2020-26828

MEDIUM
CVSS:5.4(Medium)

SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which ca...

CWE-4342020

CVE-2020-2730

MEDIUM
CVSS:5.4(Medium)

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0...

CWE-4342020

CVE-2021-24960

MEDIUM
CVSS:5.4(Medium)

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way ...

CWE-4342021