CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
Percentile
17.7%
SAP NetWeaver Application Server ABAP allows
an unauthenticated attacker to craft a URL link that could bypass allowlist
controls. Depending on the web applications provided by this server, the
attacker might inject CSS code or links into the web application that could
allow the attacker to read or modify information. There is no impact on
availability of application.
Vendor | Product | Version | CPE |
---|---|---|---|
sap | netweaver_application_server_abap | 755 | cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | 756 | cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | 757 | cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | 758 | cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | sap_basis_700 | cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | sap_basis_701 | cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | sap_basis_702 | cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | sap_basis_731 | cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | sap_basis_912 | cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:* |
sap | netweaver_application_server_abap | sap_ui_754 | cpe:2.3:a:sap:netweaver_application_server_abap:sap_ui_754:*:*:*:*:*:*:* |