Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform

Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform

CVE-2024-21738 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.

Learn more about our Cis Benchmark Audit For Server Software.