CVE-2024-21738

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 58.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Abap Application Server AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedJan 9

Description

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:NExploitability: 2.3 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_abap_application_server_and_abap_platform16 versions+15

▶NVDsap/netweaver_application16 versions+15

🔴Vulnerability Details

GHSA

GHSA-ccxm-r356-vpjv: SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vul↗2024-01-09

▶

CVEList

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform↗2024-01-09

▶