← back
CVE-2024-32733

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

CVSS 6.1 MEDIUMEPSS 0.4%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 May 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
SAP_SE · SAP NetWeaver Application Server ABAP and ABAP Platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://me.sap.com/notes/3450286https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364