CVE-2023-24522

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.

Published: Feb 14, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-24522
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_abap	702	702.x
sap / netweaver_application_server_abap	700	700.x
sap / netweaver_application_server_abap	731	731.x
sap / netweaver_application_server_abap	740	740.x
sap / netweaver_application_server_abap	701	701.x

https://launchpad.support.sap.com/#/notes/3269118
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Vulnerability Database

289,784

CVE-2023-24522