CVE-2023-0013

2023-01-1003:15:10

CWE-79

[email protected]

web.nvd.nist.gov

sap netweaver

abap

xss

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

33.3%

JSON

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.

Affected configurations

Nvd

Node

sapnetweaver_application_server_abapMatch702

sapnetweaver_application_server_abapMatch731

sapnetweaver_application_server_abapMatch740

sapnetweaver_application_server_abapMatch750

sapnetweaver_application_server_abapMatch751

sapnetweaver_application_server_abapMatch752

sapnetweaver_application_server_abapMatch753

sapnetweaver_application_server_abapMatch754

sapnetweaver_application_server_abapMatch755

sapnetweaver_application_server_abapMatch756

sapnetweaver_application_server_abapMatch757

VendorProductVersionCPE
sapnetweaver_application_server_abap702cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*
sapnetweaver_application_server_abap731cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*
sapnetweaver_application_server_abap740cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
sapnetweaver_application_server_abap750cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
sapnetweaver_application_server_abap751cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*
sapnetweaver_application_server_abap752cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*
sapnetweaver_application_server_abap753cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*
sapnetweaver_application_server_abap754cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*
sapnetweaver_application_server_abap755cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*
sapnetweaver_application_server_abap756cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver_application_server_abap	702	cpe:2.3:a:sap:netweaver_application_server_abap:702:::::::*
sap	netweaver_application_server_abap	731	cpe:2.3:a:sap:netweaver_application_server_abap:731:::::::*
sap	netweaver_application_server_abap	740	cpe:2.3:a:sap:netweaver_application_server_abap:740:::::::*
sap	netweaver_application_server_abap	750	cpe:2.3:a:sap:netweaver_application_server_abap:750:::::::*
sap	netweaver_application_server_abap	751	cpe:2.3:a:sap:netweaver_application_server_abap:751:::::::*
sap	netweaver_application_server_abap	752	cpe:2.3:a:sap:netweaver_application_server_abap:752:::::::*
sap	netweaver_application_server_abap	753	cpe:2.3:a:sap:netweaver_application_server_abap:753:::::::*
sap	netweaver_application_server_abap	754	cpe:2.3:a:sap:netweaver_application_server_abap:754:::::::*
sap	netweaver_application_server_abap	755	cpe:2.3:a:sap:netweaver_application_server_abap:755:::::::*
sap	netweaver_application_server_abap	756	cpe:2.3:a:sap:netweaver_application_server_abap:756:::::::*