CVE-2024-27902
published 2024-03-12CVE-2024-27902: Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user’s browser. There is no impact on the availability of the system
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | netweaver_as_abap | — | — |
| sap | netweaver_as_abap | — | — |
| sap_se | sap_netweaver_as_abap_applications_based_on_sapgui_for_html | — | — |
| sap_se | sap_netweaver_as_abap_applications_based_on_sapgui_for_html | — | — |