CVE-2023-0013 — Cross-site Scripting in SAP Netweaver AS FOR Abap AND Abap Platform

CWE-79 — Cross-site Scripting CWE-287 — Improper Authentication6 documents6 sources

Severity

6.1MEDIUMNVD

CISA3.9

EPSS

0.4%

top 37.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver AS FOR Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedJan 10

Latest updateJun 23

Description

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap/netweaver_as_for_abap_and_abap_platform11 versions+10

▶NVDsap/netweaver_application11 versions+10

🔴Vulnerability Details

GHSA

GHSA-chrg-5xr2-ppfm: The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP↗2023-01-10

▶

CVEList

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform↗2023-01-10

▶

💥Exploits & PoCs

Nuclei

SuperWebMailer - Cross-Site Scripting

▶

📋Vendor Advisories

CISA

VMware Tools Authentication Bypass Vulnerability↗2023-06-23

▶

VMware

VMware Tools update addresses Authentication Bypass vulnerability (CVE-2023-20867)↗2023-06-13

▶