Assigner | sap |
Reserved | 2024-04-17 |
Published | 2024-05-14 |
Updated | 2024-06-04 |
Description
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
SAP_BASIS 740
SAP_BASIS 750
SAP_BASIS 751
SAP_BASIS 752
SAP_BASIS 753
SAP_BASIS 754
SAP_BASIS 755
SAP_BASIS 756
SAP_BASIS 757
SAP_BASIS 758
SAP_BASIS 795
SAP_BASIS 796
References
https://me.sap.com/notes/3450286