CVE-2023-40624

2023-09-1203:15:13

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-40624

javascript injection

sap ui

sap basis

web application control

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.7%

JSON

SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of this web-application.

Affected configurations

Nvd

Node

sapnetweaver_application_server_abapMatch702sap_basis

sapnetweaver_application_server_abapMatch731sap_basis

sapnetweaver_application_server_abapMatch754sap_ui

sapnetweaver_application_server_abapMatch755sap_ui

sapnetweaver_application_server_abapMatch756sap_ui

sapnetweaver_application_server_abapMatch757sap_ui

sapnetweaver_application_server_abapMatch758sap_ui

VendorProductVersionCPE
sapnetweaver_application_server_abap702cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*
sapnetweaver_application_server_abap731cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*
sapnetweaver_application_server_abap754cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_ui:*:*:*
sapnetweaver_application_server_abap755cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_ui:*:*:*
sapnetweaver_application_server_abap756cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_ui:*:*:*
sapnetweaver_application_server_abap757cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_ui:*:*:*
sapnetweaver_application_server_abap758cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_ui:*:*:*

Vendor	Product	Version	CPE
sap	netweaver_application_server_abap	702	cpe:2.3:a:sap:netweaver_application_server_abap:702::::sap_basis:::
sap	netweaver_application_server_abap	731	cpe:2.3:a:sap:netweaver_application_server_abap:731::::sap_basis:::
sap	netweaver_application_server_abap	754	cpe:2.3:a:sap:netweaver_application_server_abap:754::::sap_ui:::
sap	netweaver_application_server_abap	755	cpe:2.3:a:sap:netweaver_application_server_abap:755::::sap_ui:::
sap	netweaver_application_server_abap	756	cpe:2.3:a:sap:netweaver_application_server_abap:756::::sap_ui:::
sap	netweaver_application_server_abap	757	cpe:2.3:a:sap:netweaver_application_server_abap:757::::sap_ui:::
sap	netweaver_application_server_abap	758	cpe:2.3:a:sap:netweaver_application_server_abap:758::::sap_ui:::