How severe is CVE-2023-29109?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2023-29109?

This is classified as CWE-1236, which is a common weakness in software security.

CVE-2023-29109 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application.

Related Vulnerabilities

CVE-2023-51298

MEDIUM

CVSS:4.7(Medium)

PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on La...

CWE-12362023

CVE-2021-27839

MEDIUM

CVSS:4.4(Medium)

A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or ...

CWE-12362021

CVE-2019-6182

MEDIUM

CVSS:4.8(Medium)

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event...

CWE-12362019

CVE-2023-46400

MEDIUM

CVSS:4.3(Medium)

KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function.

CWE-12362023

CVE-2020-10460

MEDIUM

CVSS:4.9(Medium)

admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data.

CWE-12362020

CVE-2020-9205

MEDIUM

CVSS:4.9(Medium)

There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input ...

CWE-12362020