Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2024-34687
HistoryMay 14, 2024 - 4:17 p.m.

CVE-2024-34687

2024-05-1416:17:26
CWE-79
[email protected]
web.nvd.nist.gov
25
sap netweaver
abap platform
cross-site scripting
xss
vulnerability
user input
confidentiality
integrity
availability
nvd
cve-2024-34687

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver Application server for ABAP and ABAP Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BASIS 700"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 701"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 702"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 731"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 740"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 750"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 751"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 752"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 753"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 754"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 755"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 756"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 757"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 758"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 795"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 796"
      }
    ]
  }
]

Related

nvd 1
vulnrichment 1
nessus 1
cvelist 1
nvd
nvd
CVE-2024-34687
2024-05-14 16:17:26
vulnrichment
vulnrichment
CVE-2024-34687 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform
2024-05-14 03:56:24
nessus
nessus
SAP NetWeaver AS ABAP XSS (May 2024) (3448445)
2024-05-17 00:00:00
cvelist
cvelist
CVE-2024-34687 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform
2024-05-14 03:56:24

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CVE-2024-34687
nvd1vulnrichment1nessus1cvelist1