CVE-2023-0021

Name of the Vulnerable Software and Affected Versions SAP NetWeaver versions 700 through 750

Description The issue is caused by insufficient encoding of user input, allowing an unauthenticated attacker to inject code. This can expose sensitive data, such as user id and password, and may lead to reflected Cross-Site scripting. The affected endpoints are typically exposed over the network, and successful exploitation can partially impact the confidentiality of the application.

Recommendations For SAP NetWeaver versions 700 through 750, update to a version that includes proper encoding of user input to prevent code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.