PT-2024-24819 · Sap · Sap Netweaver Application Server Abap+1

Published: 2024-05-14 · Updated: 2024-07-07 · CVE-2024-32733

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver Application Server ABAP and ABAP Platform versions prior to 796

Description

The issue is caused by missing input validation and output encoding of untrusted data, allowing an unauthenticated attacker to inject malicious JavaScript code into dynamically crafted web pages. Successful exploitation enables the attacker to access or modify sensitive information without impacting the application's availability. An attacker could remotely exploit this to hijack user sessions.

Recommendations

For SAP NetWeaver Application Server ABAP and ABAP Platform versions prior to 796, update to a version that includes the necessary security patches to mitigate the risk of Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to sensitive information and implementing additional security measures to protect against session hijacking.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-32733

Affected Products

Abap Platform
Sap Netweaver Application Server Abap