Strix
26.1K

CVE-2023-42479

MEDIUMCVSS 6.1/10EPSS 0.45%

Last modified

CVE-2023-42479 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information. . EPSS estimates a 0.45% chance of exploitation in the next 30 days.

Description

An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information.

Metrics

CVSS 3.1
6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.45%

35.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SapBiller Direct635
SapBiller Direct750

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-42479?
An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information.
How severe is CVE-2023-42479?
CVE-2023-42479 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.45% probability of exploitation in the next 30 days.
How do I fix CVE-2023-42479?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-42479?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST