What is CVE-2023-0021?

CVE-2023-0021 is a vulnerability in SAP NetWeaver versions 700, 701, 702, 731, 740, and 750 that allows an unauthenticated attacker to inject code, potentially exposing sensitive data like user ID and password.

How can an attacker exploit CVE-2023-0021?

An attacker can exploit CVE-2023-0021 by injecting malicious code into user input, which, if not properly encoded, can lead to reflected Cross-Site Scripting (XSS) attacks.

What is the severity of CVE-2023-0021?

CVE-2023-0021 has a severity rating of 6.1 out of 10, classified as medium severity.

Which versions of SAP NetWeaver are affected by CVE-2023-0021?

Versions 700, 701, 702, 731, 740, and 750 of SAP NetWeaver are affected by CVE-2023-0021.

How can I mitigate the vulnerability CVE-2023-0021?

To mitigate the vulnerability CVE-2023-0021, it is recommended to apply the necessary patches and updates provided by SAP. Additionally, validating and properly encoding user input can help prevent code injection attacks.

Vulnerability/
CVE-2023-0021

medium

6.1

CWE

14/3/2023

16/3/2023

CVE-2023-0021: XSS

First published: Tue Mar 14 2023(Updated: )

Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP NetWeaver	=700
SAP NetWeaver	=701
SAP NetWeaver	=702
SAP NetWeaver	=731
SAP NetWeaver	=740
SAP NetWeaver	=750

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-0021?
CVE-2023-0021 is a vulnerability in SAP NetWeaver versions 700, 701, 702, 731, 740, and 750 that allows an unauthenticated attacker to inject code, potentially exposing sensitive data like user ID and password.
How can an attacker exploit CVE-2023-0021?
An attacker can exploit CVE-2023-0021 by injecting malicious code into user input, which, if not properly encoded, can lead to reflected Cross-Site Scripting (XSS) attacks.
What is the severity of CVE-2023-0021?
CVE-2023-0021 has a severity rating of 6.1 out of 10, classified as medium severity.
Which versions of SAP NetWeaver are affected by CVE-2023-0021?
Versions 700, 701, 702, 731, 740, and 750 of SAP NetWeaver are affected by CVE-2023-0021.
How can I mitigate the vulnerability CVE-2023-0021?
To mitigate the vulnerability CVE-2023-0021, it is recommended to apply the necessary patches and updates provided by SAP. Additionally, validating and properly encoding user input can help prevent code injection attacks.

collector/nvd-index
agent/weakness
vendor/sap
canonical/sap netweaver
version/sap netweaver/700
version/sap netweaver/701
version/sap netweaver/702
version/sap netweaver/731
version/sap netweaver/740
version/sap netweaver/750

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.