CVE-2024-32733 | THREATINT

Description

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application

PUBLISHED Reserved 2024-04-17 | Published 2024-05-14 | Updated 2024-08-02 | Assigner sap

MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status

unaffected

SAP_BASIS 740

affected

SAP_BASIS 750

affected

SAP_BASIS 751

affected

SAP_BASIS 752

affected

SAP_BASIS 753

affected

SAP_BASIS 754

affected

SAP_BASIS 755

affected

SAP_BASIS 756

affected

SAP_BASIS 757

affected

SAP_BASIS 758

affected

SAP_BASIS 795

affected

SAP_BASIS 796

affected

References

me.sap.com/notes/3450286

support.sap.com/...otes-news.html?anchorId=section_370125364

me.sap.com/notes/3450286

support.sap.com/...otes-news.html?anchorId=section_370125364

cve.org (CVE-2024-32733)

nvd.nist.gov (CVE-2024-32733)

Download JSON

help @ threatint.eu