CVE-2024-33005

Due to the missing authorization checks in thelocal systems, the admin users of SAP Web Dispatcher, SAP NetWeaver ApplicationServer (ABAP and Java), and SAP Content Server can impersonate other users andmay perform some unintended actions. This could lead to a low impact onconfidentiality and a hig...

CVE-2023-26457

SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data.