← Back

CVE-2024-34687

nvd nist
Published: May 14, 2024Modified: Oct 23, 2025

JSON object

Loading...
9.0
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Exploitability: 2.3 / Impact: 6.0
Source: NVD

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.

Affected (16)

Products: Sap: Sap Basis
Sap
1 product
Sap Basis
Configuration A
16 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Sap Basis
Version 700
Sap Basis
Version 701
Sap Basis
Version 702
Sap Basis
Version 731
Sap Basis
Version 740
Sap Basis
Version 750
Sap Basis
Version 751
Sap Basis
Version 752
Sap Basis
Version 753
Sap Basis
Version 754
Sap Basis
Version 755
Sap Basis
Version 756
Sap Basis
Version 757
Sap Basis
Version 758
Sap Basis
Version 795
Sap Basis
Version 796

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Patch

Timeline

No history available yet.