Description
Due to insufficient input validation, the CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL that embeds malicious JavaScript. When a victim clicks the link, the script executes in the victim's browser, allowing the attacker to access and/or modify information, with no effect on the availability of the application.
References (2)
Core References
Vendor Advisory: https://url.sap/sapsecuritypatchday
Vendor Advisory: https://me.sap.com/notes/3501359
Scores
CVSS v3: 6.1
EPSS: 0.0022
EPSS Percentile: 44.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-79
Status: published
Products (15)
SAP_SE/SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)
Versions: 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D
... and 5 more
Published: Sep 10, 2024
Tracked Since: Feb 18, 2026