PT-2023-19669 · Sap · Sap Netweaver As Abap
Published
2023-02-14
·
Updated
2023-04-12
·
CVE-2023-24521
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver AS ABAP (BSP Framework) versions 700 through 757
Description
The issue is caused by insufficient input sanitization, allowing an unauthenticated user to alter the current session of the user by injecting malicious code over the network. This may lead to a limited impact on the confidentiality and integrity of the application.
Recommendations
For SAP NetWeaver AS ABAP (BSP Framework) versions 700 through 757, update to a version that includes the necessary input sanitization fixes to prevent session alteration and unauthorized data access.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Netweaver As Abap