ByteOS Network

Vulnerability Details :

CVE-2024-34687

Assigner-sap

Assigner Org ID-e4686d1a-f260-4930-ac4c-2f5c992778dd

Published At-14 May, 2024 | 03:56

Updated At-02 Aug, 2024 | 02:59

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:sap

Assigner Org ID:e4686d1a-f260-4930-ac4c-2f5c992778dd

Published At:14 May, 2024 | 03:56

Updated At:02 Aug, 2024 | 02:59

▼CVE Numbering Authority (CNA)

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

Affected Products

Vendor

SAP SE

Product

SAP NetWeaver Application server for ABAP and ABAP Platform

Default Status

unaffected

Versions

Affected

SAP_BASIS 700
SAP_BASIS 701
SAP_BASIS 702
SAP_BASIS 731
SAP_BASIS 740
SAP_BASIS 750
SAP_BASIS 751
SAP_BASIS 752
SAP_BASIS 753
SAP_BASIS 754
SAP_BASIS 755
SAP_BASIS 756
SAP_BASIS 757
SAP_BASIS 758
SAP_BASIS 795
SAP_BASIS 796

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79: Improper Neutralization of Input During Web Page Generation

Type: CWE

CWE ID: CWE-79

Description: CWE-79: Improper Neutralization of Input During Web Page Generation

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

References

Hyperlink	Resource
https://me.sap.com/notes/3448445	N/A
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html	N/A

Hyperlink: https://me.sap.com/notes/3448445

Resource: N/A

Hyperlink: https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Affected Products

Vendor

SAP SE

Product

sap_netweaver_application_server_for_abap_and_abap_platform

CPEs

cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:sap_basis_700:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 700 through 796 (custom)

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://me.sap.com/notes/3448445	x_transferred
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html	x_transferred

Hyperlink: https://me.sap.com/notes/3448445

Resource:

x_transferred

Hyperlink: https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

Resource:

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@sap.com

Published At:14 May, 2024 | 16:17

Updated At:14 May, 2024 | 19:17

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	cna@sap.com

CWE ID: CWE-79

Type: Primary

Source: cna@sap.com

References

Hyperlink	Source	Resource
https://me.sap.com/notes/3448445	cna@sap.com	N/A
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html	cna@sap.com	N/A

Hyperlink: https://me.sap.com/notes/3448445

Source: cna@sap.com

Resource: N/A

Hyperlink: https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

Source: cna@sap.com

Resource: N/A

Similar CVEs

2216Records found

CVE-2024-33948

Matching Score-4

CVE-2024-34687

Credits

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs