CVE-2024-21738
Published Jan 9, 2024
Last updated 10 months ago
Overview
- Description
- SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.
- Source
- cna@sap.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- cna@sap.com
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:79:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E795D39-9D29-4CFC-BDB7-5E990A386647"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F048ED9-2DDF-4EB9-8571-73832AFABF6A"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C37DC475-6B9A-493C-9A6F-28CDD65D2A5B"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BD9FE51-F76C-439A-A3C0-5279EC1059F7"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EB54432-0E1A-45F2-BEE1-8DC28FAADA9F"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E96C58C-ED44-487B-A67E-FDAE3C29023A"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A14DF5EB-B8CE-4A47-9959-2F65A5DCEF5F"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E0CA53D-4335-4872-B527-30802E31B893"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "419BA423-0803-4F51-8889-014A521F02CE"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA20ECDC-8807-462C-A0F0-70DF6F5A119B"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "800AAC21-325C-4F16-AE5A-9F89327E5356"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDC15DB7-A95B-475F-AAA6-60A801F65690"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55A2FECF-A32E-4188-9563-E8BA0E952261"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CBF2E53-17F0-4BF0-9C38-749C7E611BF4"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5160572B-E3AB-4B96-8950-07DDAFA0E4A6"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:793:*:*:*:sap_basis:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB104F44-D209-41D3-AE25-A5A4A8CE3323"
}
],
"operator": "OR"
}
]
}
]