CVE-2023-30743

7.1 HIGH

📋 TL;DR

This vulnerability in SAPUI5's sap.m.FormattedText control allows CSS injection due to improper input neutralization. Attackers can block user interaction with applications and potentially conduct phishing attacks to read or modify user information. Affects SAPUI5 versions SAP_UI 750-757 and UI_700 200.

💻 Affected Systems

Products:
  • SAPUI5
Versions: SAP_UI 750, 754, 755, 756, 757 and UI_700 200
Operating Systems: All platforms running SAPUI5
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the sap.m.FormattedText control specifically. Applications using this control with untrusted input are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers conduct successful phishing campaigns to steal sensitive user data or credentials, leading to account compromise and potential data breaches.

🟠 Likely Case

Attackers inject malicious CSS to block legitimate user interaction with SAP applications, causing denial of service and user frustration.

🟢 If Mitigated

With proper input validation and output encoding, the risk is limited to minor UI disruption that can be quickly remediated.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the attacker to inject CSS into the vulnerable control, which could be achieved through various input vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Note 3326210

Vendor Advisory: https://launchpad.support.sap.com/#/notes/3326210

Restart Required: Yes

Instructions:

1. Download and apply SAP Note 3326210.
2. Update SAPUI5 to patched versions.
3. Restart affected SAP applications.

🔧 Temporary Workarounds

Input Validation (all)

Implement strict input validation for all data passed to the sap.m.FormattedText control.

Output Encoding (all)

Apply proper output encoding for CSS contexts in UI5 applications.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSS injection attempts
  • Disable or restrict use of sap.m.FormattedText control in vulnerable applications

🔍 How to Verify

Check if Vulnerable:

Check SAPUI5 version and verify if sap.m.FormattedText control is used with untrusted input

Check Version:

Check SAP system for UI5 component versions via transaction SE38 or system information

Verify Fix Applied:

Verify SAP Note 3326210 is applied and test sap.m.FormattedText control with CSS injection attempts

📡 Detection & Monitoring

Log Indicators:

  • Unusual CSS patterns in application logs
  • Multiple failed interaction attempts by users

Network Indicators:

  • Suspicious CSS payloads in HTTP requests to SAP applications

SIEM Query:

source="sap_app" AND (css_injection OR formattedtext)
