#VU75172 Improper neutralization of formula elements in a CSV File in SAP Application Interface Framework (AIF) - CVE-2023-29109

 


Published: April 17, 2023


Vulnerability identifier: #VU75172
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-29109
CWE-ID: CWE-1236
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
SAP Application Interface Framework (AIF)
Software vendor:
SAP

Description

The vulnerability allows a remote user to manipulate the contents of CSV files.

The vulnerability exists due to improper validation of user-supplied input when processing the contents of the Tooltip of the Custom Hints List field in the Message Dashboard. A remote user can inject arbitrary Excel formulas into CSV files and execute arbitrary code in the Excel document when the CSV file is viewed.
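The class of fix for CWE-1236 is to neutralize formula-leading characters at export time. The following is an added illustration, not SAP's code or patch: a Python stand-in for an exporter, where the column names `message_id` and `hint_tooltip`, the function names and the sample rows are all hypothetical and constructed for this example.

```python
import csv
import io

# Leading characters a spreadsheet may interpret as the start of a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return a cell value that a spreadsheet shows as text instead of evaluating."""
    # Genuine numbers (not numeric-looking strings) cannot carry a formula.
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    text = "" if value is None else str(value)
    # Conservative assumption: also look past leading spaces before the trigger.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text  # a leading apostrophe forces text interpretation
    return text


def export_hints_csv(rows, header=("message_id", "hint_tooltip")):
    """Write rows as CSV with every field quoted and every cell neutralized."""
    buf = io.StringIO()
    # QUOTE_ALL plus the writer's quote doubling keeps embedded quotes and
    # commas inside their own cell, so a value cannot open a new column.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample rows (hypothetical tooltip texts, benign formulas only).
SAMPLE_ROWS = [
    (1001, "Check the partner profile"),
    (1002, "=SUM(1,1)"),            # formula-leading string
    (1003, '  +1","=SUM(1,1)'),     # leading spaces plus a quote/comma breakout attempt
    (1004, -5),                     # real number, left untouched
    (1005, "-5"),                   # user-supplied string, neutralized
]

if __name__ == "__main__":
    print(export_hints_csv(SAMPLE_ROWS), end="")
```

Neutralizing at export leaves the stored tooltip text unchanged, so other consumers of the same data are unaffected.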


Remediation

Install updates from the vendor's website.

External links