CVE-2024-32733
MEDIUM
SAP NetWeaver Application Server ABAP/ABAP Platform - XSS
Title source: llmDescription
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation, the attacker can access or modify sensitive information, with no impact on the availability of the application.
References (2)
Core References
Vendor Advisory
https://me.sap.com/notes/3450286
Scores
CVSS v3
6.1
EPSS
0.0012
EPSS Percentile
30.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (12)
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 740
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 750
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 751
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 752
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 753
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 754
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 755
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 756
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 757
SAP_SE/SAP NetWeaver Application Server ABAP and ABAP Platform
SAP_BASIS 758
... and 2 more
Published
May 14, 2024
Tracked Since
Feb 18, 2026