Detections
Analytics

CVE-2024-34687

medium

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.

References

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2024.html

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

https://me.sap.com/notes/3448445

Details

Source: Mitre, NVD

Published: 2024-05-14

Updated: 2024-05-14

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Severity: Medium