Insufficient Input Sanitization in SAP NetWeaver AS ABAP BSP Framework
CVE-2023-24521
6.1 MEDIUM
Key Information:
- Vendor: SAP
- CVE Published: 14 February 2023
Summary
The SAP NetWeaver AS ABAP BSP Framework is susceptible to an input validation vulnerability. Due to insufficient input sanitization, unauthenticated users may exploit this flaw to inject malicious code over the network. This allows them to manipulate the current user session and potentially access unintended data, raising concerns about the confidentiality and integrity of sensitive application information.
Affected Version(s)
NetWeaver AS ABAP (BSP Framework) 700
NetWeaver AS ABAP (BSP Framework) 701
NetWeaver AS ABAP (BSP Framework) 702
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved