Cyber Resilience

CVE-2023-36920

Medium

Published: 30 October 2023

Published
30 October 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score 0.0011 28.8th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-36920 is a medium-severity Improper Restriction of Rendered UI Layers or Frames (CWE-1021) vulnerability in Sap Enable Now Enable Now Consump Del. Its CVSS base score is 6.1 (Medium).

Operationally, ranked at the 28.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

sap
enable now enable now consump del
1704
sap
enable now wpb manager
1.0
sap
enable now wpb manager ce
10
sap
enable now wpb manager hana
10

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References