CVE-2023-40624

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 70.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver AS Abap (applications Based ON Unified Rendering)SAP Netweaver Application Server Abap

Timeline

PublishedSep 12

Latest updateSep 15

Description

SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of this web-application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_as_abap_(applications_based_on_unified_rendering)7 versions+6

▶NVDsap/netweaver_application7 versions+6

🔴Vulnerability Details

GHSA

GHSA-76hf-jrfp-9f25: SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702,↗2023-09-15

▶

CVEList

Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering)↗2023-09-12

▶