CVE-2024-45280 — Cross-site Scripting in SE SAP Netweaver AS Java

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.1%

top 70.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver AS Java

Timeline

PublishedSep 10

Description

Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5sap_se/sap_netweaver_as_java7.50

🔴Vulnerability Details

CVEList

Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application)↗2024-09-10

▶

GHSA

GHSA-2px3-mvqp-56jf: Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application↗2024-09-10

▶