PT-2023-19670 · SAP · SAP NetWeaver AS ABAP
Published 2023-02-14 · Updated 2023-04-12 · CVE-2023-24522
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver AS ABAP (Business Server Pages) versions 700, 701, 702, 731, 740
Description
The issue is a cross-site scripting (XSS) weakness caused by insufficient input sanitization in the Business Server Pages (BSP) component: request input is written into the generated page without HTML encoding. An unauthenticated attacker can supply malicious script over the network, for example in a crafted link; when an authenticated user opens it (CVSS UI:R), the script runs in that user's browser inside the current BSP session and can read or alter application data on the user's behalf (scope changed, S:C). The impact on confidentiality and integrity is limited (C:L/I:L) and availability is not affected.
Recommendations
For versions 700, 701, 702, 731 and 740, install the vendor's security update for CVE-2023-24522 that adds input sanitization to the BSP component; no configuration change fixes the weakness itself.
Until the update is applied, restrict access to the Business Server Pages component: deactivate BSP applications that are not needed (ICF services under /sap/bc/bsp) and expose the remaining ones only to trusted networks or through a reverse proxy such as SAP Web Dispatcher. Because exploitation requires a victim to open a crafted link, this reduces exposure but does not remove it.
If neither is possible, take the affected BSP applications out of use until the patched version is installed, and re-test the reflecting parameters after patching to confirm that input is now encoded.
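Added example, not part of this advisory and not SAP code: a reflection check a practitioner can run against a BSP page before and after patching, with two constructed page renderers standing in for the vulnerable and the sanitized server behaviour described above. The probe contains only the HTML metacharacters a sanitizer must encode, no script, so a raw echo demonstrates the weakness without executing anything in a browser. The base URL, application name, page name and parameter name are placeholders, and the /sap/bc/bsp/sap/<app>/<page> path is assumed to be the standard ICF layout for BSP applications.

```python
"""Reflection check for a BSP request parameter (added example, not SAP code)."""
import html
import re
from typing import Dict, List
from urllib.parse import quote

# Characters whose raw reflection lets input break out of its HTML context:
# '<' and '>' out of a text node, '"' and "'" out of a quoted attribute value.
BREAKOUT = '<>"\''


def make_probe(tag: str = "ptxss") -> str:
    """Build a harmless marker: the tag wrapped in every breakout character.

    It carries no executable payload, only the characters a sanitizer must
    encode, so a raw reflection proves the weakness without running script.
    """
    return f"{tag}{BREAKOUT}{tag}"


def build_probe_url(base: str, app: str, page: str, param: str, probe: str) -> str:
    """URL of a BSP page with the probe in one query parameter.

    Assumption: the application is served under the ICF path
    /sap/bc/bsp/sap/<app>/<page>; adjust for the target's actual layout.
    """
    return f"{base}/sap/bc/bsp/sap/{app}/{page}?{param}={quote(probe, safe='')}"


def classify_reflection(body: str, tag: str = "ptxss") -> Dict[str, object]:
    """Report how a response body reflects the probe between the two tag markers.

    verdict is one of not_reflected, sanitized, partially_sanitized or
    unsanitized; raw lists the breakout characters that came back unencoded.
    A partially_sanitized result is still exploitable when the surviving
    character matches the context (e.g. '"' inside a quoted attribute).
    """
    spans = re.findall(re.escape(tag) + r"(.*?)" + re.escape(tag), body, re.S)
    if not spans:
        return {"verdict": "not_reflected", "raw": []}
    raw: List[str] = sorted({c for span in spans for c in BREAKOUT if c in span})
    if not raw:
        verdict = "sanitized"
    elif len(raw) == len(BREAKOUT):
        verdict = "unsanitized"
    else:
        verdict = "partially_sanitized"
    return {"verdict": verdict, "raw": raw}


# Constructed server behaviours standing in for the BSP page (not real SAP
# output): one echoes the parameter as-is, one HTML-encodes it, and one
# encodes only angle brackets, which still breaks out of the attribute.
def render_vulnerable(value: str) -> str:
    return f'<html><body><input name="q" value="{value}"></body></html>'


def render_fixed(value: str) -> str:
    return f'<html><body><input name="q" value="{html.escape(value, quote=True)}"></body></html>'


def render_half_fixed(value: str) -> str:
    return render_vulnerable(value.replace("<", "&lt;").replace(">", "&gt;"))


if __name__ == "__main__":
    probe = make_probe()
    print(build_probe_url("https://sap.example", "zdemo", "start.htm", "q", probe))
    for name, render in (("vulnerable", render_vulnerable),
                         ("fixed", render_fixed),
                         ("half-fixed", render_half_fixed)):
        print(f"{name}: {classify_reflection(render(probe))}")
```

Feed classify_reflection the body of a real response fetched with the URL from build_probe_url and act on the verdict: unsanitized or partially_sanitized means the parameter still needs encoding before it reaches the page; in BSP the counterpart of html.escape is the ABAP ESCAPE built-in with format cl_abap_format=>e_html_attr for attribute values. The check covers HTML text and attribute contexts only; a parameter reflected inside a script block needs JavaScript-aware encoding even when the verdict is sanitized.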
Fix
Vendor security update for CVE-2023-24522 that adds input sanitization to the BSP component (see Recommendations).
Weakness Enumeration
Cross-site scripting (XSS): request input is written into a BSP page without HTML encoding.
Related Identifiers
CVE-2023-24522
Affected Products
SAP NetWeaver AS ABAP (Business Server Pages) versions 700, 701, 702, 731, 740