CVE-2023-24521: XSS
First published: Tue Feb 14 2023(Updated: )
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver AS for ABAP | =700 | |
| SAP NetWeaver AS for ABAP | =701 | |
| SAP NetWeaver AS for ABAP | =702 | |
| SAP NetWeaver AS for ABAP | =731 | |
| SAP NetWeaver AS for ABAP | =740 | |
| SAP NetWeaver AS for ABAP | =750 | |
| SAP NetWeaver AS for ABAP | =751 | |
| SAP NetWeaver AS for ABAP | =752 | |
| SAP NetWeaver AS for ABAP | =753 | |
| SAP NetWeaver AS for ABAP | =754 | |
| SAP NetWeaver AS for ABAP | =755 | |
| SAP NetWeaver AS for ABAP | =756 | |
| SAP NetWeaver AS for ABAP | =757 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-24521?
CVE-2023-24521 has been identified as a high-severity vulnerability due to its potential for exploitation by unauthenticated users.
How do I fix CVE-2023-24521?
To fix CVE-2023-24521, users should apply the latest security patches provided by SAP for affected versions of SAP NetWeaver AS ABAP.
Which versions of SAP NetWeaver AS ABAP are affected by CVE-2023-24521?
CVE-2023-24521 affects SAP NetWeaver AS ABAP versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, and 757.
What type of attack does CVE-2023-24521 enable?
CVE-2023-24521 enables an unauthenticated user to alter an existing user's session through code injection.
Is CVE-2023-24521 being actively exploited in the wild?
There are indications that CVE-2023-24521 may be actively exploited, which increases the urgency for users to secure their systems.
- agent/severity
- agent/type
- agent/author
- agent/weakness
- agent/event
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver as for abap
- version/sap netweaver as for abap/700
- version/sap netweaver as for abap/701
- version/sap netweaver as for abap/702
- version/sap netweaver as for abap/731
- version/sap netweaver as for abap/740
- version/sap netweaver as for abap/750
- version/sap netweaver as for abap/751
- version/sap netweaver as for abap/752
- version/sap netweaver as for abap/753
- version/sap netweaver as for abap/754
- version/sap netweaver as for abap/755
- version/sap netweaver as for abap/756
- version/sap netweaver as for abap/757