Description
SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or its manipulation. There is no impact on availability.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- SAP_SE / SAP NetWeaver Application Server ABAPKRNL64UC 7.53 – KRNL64UC 7.53
- SAP_SE / SAP NetWeaver Application Server ABAPKERNEL 7.53 – KERNEL 7.53
- SAP_SE / SAP NetWeaver Application Server ABAP7.54 – 7.54
- SAP_SE / SAP NetWeaver Application Server ABAP7.77 – 7.77
- SAP_SE / SAP NetWeaver Application Server ABAP7.89 – 7.89
- SAP_SE / SAP NetWeaver Application Server ABAP7.93 – 7.93