CVE-2023-24521

Summary

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver AS ABAP (BSP Framework)700affected
SAPNetWeaver AS ABAP (BSP Framework)701affected
SAPNetWeaver AS ABAP (BSP Framework)702affected
SAPNetWeaver AS ABAP (BSP Framework)731affected
SAPNetWeaver AS ABAP (BSP Framework)740affected
SAPNetWeaver AS ABAP (BSP Framework)750affected
SAPNetWeaver AS ABAP (BSP Framework)751affected
SAPNetWeaver AS ABAP (BSP Framework)752affected
SAPNetWeaver AS ABAP (BSP Framework)753affected
SAPNetWeaver AS ABAP (BSP Framework)754affected
SAPNetWeaver AS ABAP (BSP Framework)755affected
SAPNetWeaver AS ABAP (BSP Framework)756affected
SAPNetWeaver AS ABAP (BSP Framework)757affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References