Input validation

2023-02-1404:15:00

PRIOn knowledge base

www.prio-n.com

input validation

sap netweaver

abap platform

unauthenticated attacker

crafted url

confidentiality

integrity

nvd

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with the response to somewhere out-side SAP and enter sensitive data. This could cause a limited impact on confidentiality and integrity of the application.

CPENameOperatorVersion
netweaver_application_server_abapeq750
netweaver_application_server_abapeq752
netweaver_application_server_abapeq753
netweaver_application_server_abapeq754
netweaver_application_server_abapeq755
netweaver_application_server_abapeq756
netweaver_application_server_abapeq740
netweaver_application_server_abapeq751
netweaver_application_server_abapeq757

Name	Operator	Version
netweaver_application_server_abap	eq	750
netweaver_application_server_abap	eq	752
netweaver_application_server_abap	eq	753
netweaver_application_server_abap	eq	754
netweaver_application_server_abap	eq	755
netweaver_application_server_abap	eq	756
netweaver_application_server_abap	eq	740
netweaver_application_server_abap	eq	751
netweaver_application_server_abap	eq	757