Description
SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected products
- SAP_SE / SAP NetWeaver AS ABAP< 740 – < 740
- SAP_SE / SAP NetWeaver AS ABAP< 750 – < 750
- SAP_SE / SAP NetWeaver AS ABAP< 751 – < 751
- SAP_SE / SAP NetWeaver AS ABAP< 752 – < 752
- SAP_SE / SAP NetWeaver AS ABAP< 753 – < 753
- SAP_SE / SAP NetWeaver AS ABAP< 754 – < 754