We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE

PUBLISHED

CVE-2024-33007

Client-side script execution vulnerability in SAP UI5(PDFViewer)

Assigner	sap
Reserved	2024-04-23
Published	2024-05-14
Updated	2024-06-04

Description

PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential security threat.

LOW: 3.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Product status

Default status

unaffected

754

affected

755

affected

756

affected

757

affected

758

affected

References

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

https://me.sap.com/notes/3446076

cve.org CVE-2024-33007

nvd.nist.gov CVE-2024-33007

Download JSON

https://cve.threatint.com/CVE/CVE-2024-33007

Find us on

Data Privacy
Terms of Use

© Copyright 2024 THREATINT. Made in Cyprus with ❤ + ☼