CVE-2023-25614

Summary

SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which leads to a limited impact on the confidentiality and the integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver AS ABAP (BSP Framework)700affected
SAPNetWeaver AS ABAP (BSP Framework)701affected
SAPNetWeaver AS ABAP (BSP Framework)702affected
SAPNetWeaver AS ABAP (BSP Framework)731affected
SAPNetWeaver AS ABAP (BSP Framework)740affected
SAPNetWeaver AS ABAP (BSP Framework)750affected
SAPNetWeaver AS ABAP (BSP Framework)751affected
SAPNetWeaver AS ABAP (BSP Framework)752affected
SAPNetWeaver AS ABAP (BSP Framework)753affected
SAPNetWeaver AS ABAP (BSP Framework)754affected
SAPNetWeaver AS ABAP (BSP Framework)755affected
SAPNetWeaver AS ABAP (BSP Framework)756affected
SAPNetWeaver AS ABAP (BSP Framework)757affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References