CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
36.1%
SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
Vendor | Product | Version | CPE |
---|---|---|---|
sap | netweaver_as_abap_business_server_pages | 75a | cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75a:*:*:*:*:*:*:* |
sap | netweaver_as_abap_business_server_pages | 75b | cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75b:*:*:*:*:*:*:* |
sap | netweaver_as_abap_business_server_pages | 75c | cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75c:*:*:*:*:*:*:* |
sap | netweaver_as_abap_business_server_pages | 75d | cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75d:*:*:*:*:*:*:* |
sap | netweaver_as_abap_business_server_pages | 75e | cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75e:*:*:*:*:*:*:* |
sap | netweaver_as_abap_business_server_pages | 700 | cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:700:*:*:*:*:*:*:* |
sap | netweaver_as_abap_business_server_pages | 701 | cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:701:*:*:*:*:*:*:* |
sap | netweaver_as_abap_business_server_pages | 702 | cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:702:*:*:*:*:*:*:* |
sap | netweaver_as_abap_business_server_pages | 710 | cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:710:*:*:*:*:*:*:* |
sap | netweaver_as_abap_business_server_pages | 711 | cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:711:*:*:*:*:*:*:* |
[
{
"product": "SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 700"
},
{
"status": "affected",
"version": "< 701"
},
{
"status": "affected",
"version": "< 702"
},
{
"status": "affected",
"version": "< 710"
},
{
"status": "affected",
"version": "< 711"
},
{
"status": "affected",
"version": "< 730"
},
{
"status": "affected",
"version": "< 731"
},
{
"status": "affected",
"version": "< 740"
},
{
"status": "affected",
"version": "< 750"
},
{
"status": "affected",
"version": "< 751"
},
{
"status": "affected",
"version": "< 752"
},
{
"status": "affected",
"version": "< 75A"
},
{
"status": "affected",
"version": "< 75B"
},
{
"status": "affected",
"version": "< 75C"
},
{
"status": "affected",
"version": "< 75D"
},
{
"status": "affected",
"version": "< 75E"
}
]
}
]
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
36.1%