CVE-2023-24521

CWE-79 β€” Cross-site Scripting (XSS)9 documents4 sources
Severity
6.1MEDIUM
EPSS
1.4%
top 19.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP Netweaver AS Abap (bsp Framework)SAP Netweaver AS Abap Business Server Pages
Timeline
PublishedFeb 14
Latest updateDec 21

Description

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

β–ΆCVEListV5sap/netweaver_as_abap_(bsp_framework)13 versions+12
β–ΆNVDsap/netweaver_as_abap_business13 versions+12

πŸ”΄Vulnerability Details

2
CVEList
CVE-2023-24521: Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 7β†—2023-02-14
β–Ά
GHSA
GHSA-j995-j9xm-88p3: Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 7β†—2023-02-14
β–Ά

πŸ•΅οΈThreat Intelligence

1
Securelist
Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)β†—2023-12-21
β–Ά
CVE-2023-24521 (MEDIUM CVSS 6.1) | Due to insufficient input sanitizat | cvebase.io