Lucene search

[email protected]NVD:CVE-2024-21738

HistoryJan 09, 2024 - 2:15 a.m.

CVE-2024-21738

2024-01-0902:15:46

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-21738

cross-site scripting

sap netweaver abap

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.0%

JSON

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.

Affected configurations

Nvd

Node

sapnetweaver_application_server_abapMatch79sap_basis

sapnetweaver_application_server_abapMatch700sap_basis

sapnetweaver_application_server_abapMatch701sap_basis

sapnetweaver_application_server_abapMatch702sap_basis

sapnetweaver_application_server_abapMatch731sap_basis

sapnetweaver_application_server_abapMatch740sap_basis

sapnetweaver_application_server_abapMatch750sap_basis

sapnetweaver_application_server_abapMatch751sap_basis

sapnetweaver_application_server_abapMatch752sap_basis

sapnetweaver_application_server_abapMatch753sap_basis

sapnetweaver_application_server_abapMatch754sap_basis

sapnetweaver_application_server_abapMatch755sap_basis

sapnetweaver_application_server_abapMatch756sap_basis

sapnetweaver_application_server_abapMatch757sap_basis

sapnetweaver_application_server_abapMatch758sap_basis

sapnetweaver_application_server_abapMatch793sap_basis

VendorProductVersionCPE
sapnetweaver_application_server_abap79cpe:2.3:a:sap:netweaver_application_server_abap:79:*:*:*:sap_basis:*:*:*
sapnetweaver_application_server_abap700cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*
sapnetweaver_application_server_abap701cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:*
sapnetweaver_application_server_abap702cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*
sapnetweaver_application_server_abap731cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*
sapnetweaver_application_server_abap740cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*
sapnetweaver_application_server_abap750cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*
sapnetweaver_application_server_abap751cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:sap_basis:*:*:*
sapnetweaver_application_server_abap752cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:*
sapnetweaver_application_server_abap753cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:*

Vendor	Product	Version	CPE
sap	netweaver_application_server_abap	79	cpe:2.3:a:sap:netweaver_application_server_abap:79::::sap_basis:::
sap	netweaver_application_server_abap	700	cpe:2.3:a:sap:netweaver_application_server_abap:700::::sap_basis:::
sap	netweaver_application_server_abap	701	cpe:2.3:a:sap:netweaver_application_server_abap:701::::sap_basis:::
sap	netweaver_application_server_abap	702	cpe:2.3:a:sap:netweaver_application_server_abap:702::::sap_basis:::
sap	netweaver_application_server_abap	731	cpe:2.3:a:sap:netweaver_application_server_abap:731::::sap_basis:::
sap	netweaver_application_server_abap	740	cpe:2.3:a:sap:netweaver_application_server_abap:740::::sap_basis:::
sap	netweaver_application_server_abap	750	cpe:2.3:a:sap:netweaver_application_server_abap:750::::sap_basis:::
sap	netweaver_application_server_abap	751	cpe:2.3:a:sap:netweaver_application_server_abap:751::::sap_basis:::
sap	netweaver_application_server_abap	752	cpe:2.3:a:sap:netweaver_application_server_abap:752::::sap_basis:::
sap	netweaver_application_server_abap	753	cpe:2.3:a:sap:netweaver_application_server_abap:753::::sap_basis:::

Rows per page:

1-10 of 161

References

me.sap.com/notes/3387737

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html