Vulnerabilities > CVE-2023-24521 - Unspecified vulnerability in SAP Netweaver AS Abap Business Server Pages

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2023-02-14

Updated: 2024-11-21

Summary

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver AS Abap Business Server Pages 700 SAP Netweaver AS Abap Business Server Pages 701 SAP Netweaver AS Abap Business Server Pages 702 SAP Netweaver AS Abap Business Server Pages 731 SAP Netweaver AS Abap Business Server Pages 740 SAP Netweaver AS Abap Business Server Pages 750 SAP Netweaver AS Abap Business Server Pages 751 SAP Netweaver AS Abap Business Server Pages 752 SAP Netweaver AS Abap Business Server Pages 753 SAP Netweaver AS Abap Business Server Pages 754 SAP Netweaver AS Abap Business Server Pages 755 SAP Netweaver AS Abap Business Server Pages 756 SAP Netweaver AS Abap Business Server Pages 757	13

Summary

Vulnerable Configurations

References