CVE-2024-34687

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

9.0CRITICAL

EPSS

0.1%

top 67.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Abap AND Abap Platform SAP SAP Basis

Timeline

PublishedMay 14

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the sy…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:LExploitability: 2.3 | Impact: 3.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_abap_and_abap_platform16 versions+15

▶NVDsap/sap_basis16 versions+15

Patches

Patch: support.sap.com ↗Patch: support.sap.com ↗

🔴Vulnerability Details

GHSA

GHSA-x685-hmwx-rrvf: SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS)↗2024-05-14

▶

CVEList

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform↗2024-05-14

▶