Lucene search

[email protected]CVE-2023-24529

HistoryFeb 14, 2023 - 4:15 a.m.

CVE-2023-24529

2023-02-1404:15:12

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-24529

input validation

bsp application

xss attack

security vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.0%

JSON

Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.

Affected configurations

NVD

Node

sapnetweaver_as_abap_business_server_pagesMatch7.00

sapnetweaver_as_abap_business_server_pagesMatch7.01

sapnetweaver_as_abap_business_server_pagesMatch7.02

sapnetweaver_as_abap_business_server_pagesMatch7.31

sapnetweaver_as_abap_business_server_pagesMatch7.40

sapnetweaver_as_abap_business_server_pagesMatch7.50

sapnetweaver_as_abap_business_server_pagesMatch7.51

sapnetweaver_as_abap_business_server_pagesMatch7.52

sapnetweaver_as_abap_business_server_pagesMatch75c

sapnetweaver_as_abap_business_server_pagesMatch75d

sapnetweaver_as_abap_business_server_pagesMatch75e

sapnetweaver_as_abap_business_server_pagesMatch75f

sapnetweaver_as_abap_business_server_pagesMatch75g

sapnetweaver_as_abap_business_server_pagesMatch75h

CPENameOperatorVersion
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq7.00
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq7.01
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq7.02
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq7.31
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq7.40
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq7.50
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq7.51
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq7.52
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq75c
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq75d

CPE	Name	Operator	Version
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	7.00
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	7.01
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	7.02
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	7.31
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	7.40
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	7.50
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	7.51
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	7.52
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	75c
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	75d

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NetWeaver AS ABAP (Business Server Pages application)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "700"
      },
      {
        "status": "affected",
        "version": "701"
      },
      {
        "status": "affected",
        "version": "702"
      },
      {
        "status": "affected",
        "version": "731"
      },
      {
        "status": "affected",
        "version": "740"
      },
      {
        "status": "affected",
        "version": "750"
      },
      {
        "status": "affected",
        "version": "751"
      },
      {
        "status": "affected",
        "version": "752"
      },
      {
        "status": "affected",
        "version": "75C"
      },
      {
        "status": "affected",
        "version": "75D"
      },
      {
        "status": "affected",
        "version": "75E"
      },
      {
        "status": "affected",
        "version": "75F"
      },
      {
        "status": "affected",
        "version": "75G"
      },
      {
        "status": "affected",
        "version": "75H"
      }
    ]
  }
]