Total vulnerabilities in the database
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.
| Software | From | Fixed in |
|---|---|---|
| sap / netweaver_application_server_abap | krnl64nuc_7.22 | krnl64nuc_7.22.x |
| sap / netweaver_application_server_abap | kernel_7.22 | kernel_7.22.x |
| sap / netweaver_application_server_abap | krnl64uc_7.22 | krnl64uc_7.22.x |
| sap / netweaver_application_server_abap | 7.49 | 7.49.x |
| sap / netweaver_application_server_abap | 7.53 | 7.53.x |
| sap / netweaver_application_server_abap | 7.77 | 7.77.x |
| sap / netweaver_application_server_abap | 7.81 | 7.81.x |
| sap / netweaver_application_server_abap | 7.22ext | 7.22ext.x |
| sap / netweaver_application_server_abap | 7.85 | 7.85.x |
| sap / netweaver_application_server_abap | 7.89 | 7.89.x |
| sap / netweaver_application_server_abap | 7.54 | 7.54.x |