CVE-2024-21738

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.

SAP NetWeaver ABAP Application Server y ABAP Platform no codifican suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS). Un atacante con pocos privilegios puede causar un impacto limitado en la confidencialidad de los datos de la aplicación después de una explotación exitosa.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-01-01 CVE Reserved
2024-01-09 CVE Published
2024-08-01 CVE Updated
2025-01-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	2024-01-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				79 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "79"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				700 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "700"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				701 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "701"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				702 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "702"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				731 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "731"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				740 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "740"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				750 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "750"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				751 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "751"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				752 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "752"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				753 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "753"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				754 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "754"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				755 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "755"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				756 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "756"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				757 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "757"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				758 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "758"		sap_basis		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				793 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "793"		sap_basis		Affected