Vulnerability Database

315,050

Total vulnerabilities in the database

CVE-2023-41369

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.

Published: Sep 12, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-41369
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.5
AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
sap / s/4_hana	102	102.x
sap / s/4_hana	103	103.x
sap / s/4_hana	104	104.x
sap / s/4_hana	105	105.x
sap / s/4_hana	101	101.x
sap / s/4_hana	106	106.x
sap / s/4_hana	107	107.x
sap / s/4_hana	100	100.x
sap / s/4_hana	108	108.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo