CVE-2023-25614: Cross-site Scripting in SAP Netweaver AS Abap

Severity: 6.1 MEDIUM (NVD)
EPSS: 1.2% (top 21.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 14

Description

SAP NetWeaver AS ABAP (BSP Framework) application, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated attacker to inject code that can be executed by the application over the network. On successful exploitation, the attacker can gain access to sensitive information, which leads to a limited impact on the confidentiality and integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages: 2 packages

NVD: sap/netweaver_application, 13 versions +12
CVEListV5: sap/netweaver_as_abap, 13 versions +12

🔴Vulnerability Details

2 entries

CVEList (2023-02-14)
CVE-2023-25614: SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated

GHSA (2023-02-14)
GHSA-7ppg-6r5w-mm98: SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated