CVE-2023-24522Cross-site Scripting in SAP Netweaver AS Abap

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
1.4%
top 19.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP Netweaver AS AbapSAP Netweaver Application Server Abap
Timeline
PublishedFeb 14

Description

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5sap/netweaver_as_abap5 versions+4
NVDsap/netweaver_application5 versions+4

🔴Vulnerability Details

2
CVEList
CVE-2023-24522: Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated us2023-02-14
GHSA
GHSA-mpfr-rcqq-m4pw: Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated us2023-02-14
CVE-2023-24522 — Cross-site Scripting in SAP | cvebase