Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform
CVE-2024-21738

4.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Abap Application Server And Abap Platform
Vendor: CVE Published:; 9 January 2024

What is CVE-2024-21738?

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP NetWeaver ABAP Application Server and ABAP Platform SAP_BASIS 700

SAP NetWeaver ABAP Application Server and ABAP Platform SAP_BASIS 701

SAP NetWeaver ABAP Application Server and ABAP Platform SAP_BASIS 702

References

https://me.sap.com/notes/3387737

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 9, 2024
Vulnerability Reserved
Jan 1, 2024

JSON

SAP