THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-33007

Client-side script execution vulnerability in SAP UI5(PDFViewer)

Reserved:2024-04-23
Published:2024-05-14
Updated:2024-05-14

Description

PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential security threat.



LOW: 3.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Product status

Default status
unaffected

754
affected

755
affected

756
affected

757
affected

758
affected

References

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

https://me.sap.com/notes/3446076

cve.org CVE-2024-33007

nvd.nist.gov CVE-2024-33007

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-33007