PT-2023-27546 · Sap · Sap Netweaver As Abap
Published: 2023-09-12 · Updated: 2024-11-28 · CVE-2023-40624
CVSS v3.1: 5.5 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver AS ABAP versions SAP UI 754 through SAP UI 758
SAP NetWeaver AS ABAP versions SAP BASIS 702, SAP BASIS 731
Description
The issue allows an attacker to inject JavaScript code that can be executed in the web application, potentially controlling the behavior of the application.
Recommendations
For SAP NetWeaver AS ABAP versions SAP UI 754 through SAP UI 758, update to a version that includes the fix for this issue.
For SAP NetWeaver AS ABAP versions SAP BASIS 702, SAP BASIS 731, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the Unified Rendering application to minimize the risk of exploitation.
Fix
XSS
Affected Products
Sap Netweaver As Abap