CVE-2023-23859

Summary

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver AS for ABAP and ABAP Platform740affected
SAPNetWeaver AS for ABAP and ABAP Platform750affected
SAPNetWeaver AS for ABAP and ABAP Platform751affected
SAPNetWeaver AS for ABAP and ABAP Platform752affected
SAPNetWeaver AS for ABAP and ABAP Platform753affected
SAPNetWeaver AS for ABAP and ABAP Platform754affected
SAPNetWeaver AS for ABAP and ABAP Platform755affected
SAPNetWeaver AS for ABAP and ABAP Platform756affected
SAPNetWeaver AS for ABAP and ABAP Platform757affected
SAPNetWeaver AS for ABAP and ABAP Platform789affected
SAPNetWeaver AS for ABAP and ABAP Platform790affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References