SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3387737 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2024-01-09T01:19:29.437Z
Updated: 2024-01-09T01:19:29.437Z
Reserved: 2024-01-01T10:54:59.645Z
Link: CVE-2024-21738
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-09T02:15:46.020
Modified: 2024-01-11T22:54:02.190
Link: CVE-2024-21738
JSON object: View
Redhat Information
No data.
CWE