Lucene search

[email protected]NVD:CVE-2023-33985

HistoryJun 13, 2023 - 3:15 a.m.

CVE-2023-33985

2023-06-1303:15:09

CWE-79

[email protected]

web.nvd.nist.gov

sap netweaver enterprise portal

version 7.50

xss vulnerability

network input encoding

cross-site scripting

limited impact

confidentiality

integrity

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.7%

JSON

SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Affected configurations

Nvd

Node

sapnetweaverMatch7.50

VendorProductVersionCPE
sapnetweaver7.50cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver	7.50	cpe:2.3:a:sap:netweaver:7.50:::::::*

References

launchpad.support.sap.com/#/notes/3331627

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

32.7%

JSON

Related for NVD:CVE-2023-33985

prion1 cve1 cnvd1 cvelist1