CVE-2023-33985

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal version 7.50

Description The issue arises from insufficient encoding of user-controlled inputs over the network, resulting in a reflected Cross-Site Scripting (XSS) issue. This allows an attacker to view or modify information, causing a limited impact on the confidentiality and integrity of the application. The vulnerability can be exploited by a remote attacker to conduct Cross-Site Scripting attacks, potentially altering the scope of the attack.

Recommendations For SAP NetWeaver Enterprise Portal version 7.50, consider implementing proper input encoding to prevent Cross-Site Scripting attacks. As a temporary workaround, restrict access to sensitive information and functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.