Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application
References
Configurations
No configuration.
History
21 Nov 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://me.sap.com/notes/3450286 - | |
References | () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 - |
14 May 2024, 16:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-14 16:17
Updated : 2024-11-21 09:15
NVD link : CVE-2024-32733
Mitre link : CVE-2024-32733
CVE.ORG link : CVE-2024-32733
JSON object : View
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')