CVE-2024-27902

Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS ABAP versions 7.89, 7.93

Description The issue is related to Cross-Site Scripting (XSS) due to insufficient encoding of user-controlled inputs in applications based on SAP GUI for HTML. This allows a malicious attacker to execute code in a user's browser, potentially accessing and modifying data. There is no impact on the system's availability.

Recommendations For versions 7.89 and 7.93, update to a version that sufficiently encodes user-controlled inputs to prevent Cross-Site Scripting (XSS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.