CVE-2024-32733

Summary

Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 740affected
SAP_SESAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 750affected
SAP_SESAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 751affected
SAP_SESAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 752affected
SAP_SESAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 753affected
SAP_SESAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 754affected
SAP_SESAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 755affected
SAP_SESAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 756affected
SAP_SESAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 757affected
SAP_SESAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 758affected
SAP_SESAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 795affected
SAP_SESAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 796affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References