CVE-2024-21738

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.

Published: Jan 9, 2024
Updated: Jan 12, 2024
CVE: CVE-2024-21738
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_abap	702	702.x
sap / netweaver_application_server_abap	700	700.x
sap / netweaver_application_server_abap	701	701.x
sap / netweaver_application_server_abap	731	731.x
sap / netweaver_application_server_abap	740	740.x
sap / netweaver_application_server_abap	750	750.x
sap / netweaver_application_server_abap	751	751.x
sap / netweaver_application_server_abap	752	752.x
sap / netweaver_application_server_abap	753	753.x
sap / netweaver_application_server_abap	754	754.x
sap / netweaver_application_server_abap	755	755.x
sap / netweaver_application_server_abap	756	756.x
sap / netweaver_application_server_abap	757	757.x
sap / netweaver_application_server_abap	758	758.x
sap / netweaver_application_server_abap	793	793.x
sap / netweaver_application_server_abap	79	79.x

Vulnerability Database

289,784

CVE-2024-21738