CVE-2023-0013

Summary

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver AS for ABAP and ABAP Platform702affected
SAPNetWeaver AS for ABAP and ABAP Platform731affected
SAPNetWeaver AS for ABAP and ABAP Platform740affected
SAPNetWeaver AS for ABAP and ABAP Platform750affected
SAPNetWeaver AS for ABAP and ABAP Platform751affected
SAPNetWeaver AS for ABAP and ABAP Platform752affected
SAPNetWeaver AS for ABAP and ABAP Platform753affected
SAPNetWeaver AS for ABAP and ABAP Platform754affected
SAPNetWeaver AS for ABAP and ABAP Platform755affected
SAPNetWeaver AS for ABAP and ABAP Platform756affected
SAPNetWeaver AS for ABAP and ABAP Platform757affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References