CVE-2023-24529
Published Feb 14, 2023
Last updated 2 years ago
Overview
- Description
- Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.
- Source
- cna@sap.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- cna@sap.com
- CWE-79
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E6E948A-59A4-460A-8369-68E9A94CA4EC" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B2AC049-E6B5-4954-875A-7E66F2CEFEDF" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1097BE81-D7C7-4288-82A8-F5FA0EB492E3" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4AA4EAF-ED70-4FEC-85B5-C8229EB5F600" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F822C6B-3047-4EB1-9A85-EE10EA592DE4" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "689471D5-2189-48AF-ACE9-41DA4B642B1E" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD618C71-34FF-414C-86DC-C43C5EEF5D20" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.52:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E4BD107-F102-4859-9439-955F4DACE96F" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63AE465A-45CC-4834-BEC0-589935EFCAD2" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAADF821-7088-4D5C-BB6D-2662880AC62D" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76E464A9-F2FD-4A91-8562-A33EBABD24E7" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D396DE3-DCE7-4CB1-B6AB-85F2A850C180" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75g:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC3734C6-B13F-4BDA-8586-47C18FD1B26E" },
          { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75h:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3975983-9499-49E2-8A1E-F1F9B2B5A792" }
        ],
        "operator": "OR"
      }
    ]
  }
]