CVE-2023-24521

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:702:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:757:*:*:*:*:*:*:*

History

21 Nov 2024, 07:48

Type Values Removed Values Added
References () https://launchpad.support.sap.com/#/notes/3269151 - Permissions Required, Vendor Advisory () https://launchpad.support.sap.com/#/notes/3269151 - Permissions Required, Vendor Advisory
References () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory

Information

Published : 2023-02-14 04:15

Updated : 2024-11-21 07:48


NVD link : CVE-2023-24521

Mitre link : CVE-2023-24521

CVE.ORG link : CVE-2023-24521


JSON object : View

Products Affected

sap

  • netweaver_as_abap_business_server_pages
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')