SapCVELIST:CVE-2024-27902CVE-2024-27902 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI)
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
9.0%
Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.Β A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a userβs browser. There is no impact on the availability of the system
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "7.89"
},
{
"status": "affected",
"version": "7.93"
}
]
}
]Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
9.0%