Input Sanitization Flaw in SAP NetWeaver ABAP Business Server Pages
CVE-2023-24522

6.1MEDIUM

Key Information:

Vendor
SAP
Status
Netweaver As Abap (bsp Framework)
Vendor
CVE Published:
14 February 2023

Summary

An input sanitization flaw in SAP NetWeaver AS ABAP allows unauthenticated users to alter user sessions through network code injection. This vulnerability can lead to unauthorized access to sensitive data, impacting the confidentiality and integrity of the application. Organizations using affected versions should implement immediate remediation measures to mitigate potential risks.

Affected Version(s)

NetWeaver AS ABAP (BSP Framework) 700

NetWeaver AS ABAP (BSP Framework) 701

NetWeaver AS ABAP (BSP Framework) 702

References

https://launchpad.support.sap.com/#/notes/3269118
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.