CVE-2024-32733

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application
Configurations

No configuration.

History

21 Nov 2024, 09:15

Type Values Removed Values Added
Summary
  • (es) Debido a la falta de validación de entrada y codificación de salida de datos que no son confiables, SAP NetWeaver Application Server ABAP y ABAP Platform permiten que un atacante no autenticado inyecte código JavaScript malicioso en la página web manipulada dinámicamente. Si la explotación tiene éxito, el atacante puede acceder o modificar información confidencial sin impacto en la disponibilidad de la aplicación.
References () https://me.sap.com/notes/3450286 - () https://me.sap.com/notes/3450286 -
References () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 - () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 -

14 May 2024, 16:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 16:17

Updated : 2024-11-21 09:15


NVD link : CVE-2024-32733

Mitre link : CVE-2024-32733

CVE.ORG link : CVE-2024-32733


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')