CVE-2023-24529

CVSS V2 None CVSS V3 None
Description
Due to a lack of proper input validation, the BSP application (CRM_BSP_FRAME), versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allows malicious input from untrusted sources, which an attacker can leverage to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session and read and modify some sensitive information.
Overview
  • CVE ID: CVE-2023-24529
  • Assigner: cna@sap.com
  • Vulnerability Status: Modified
  • Published Version: 2023-02-14T04:15:12
  • Last Modified Date: 2023-04-11T22:15:08
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.00:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.01:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.02:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.31:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.40:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.50:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.51:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:7.52:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75c:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75d:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75e:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75f:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75g:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:75h:*:*:*:*:*:*:* | 1 | OR | | |
History
Created Old Value New Value Data Type Notes
2023-04-17 07:40:53 Added to TrackCVE
2023-04-17 07:40:55 Weakness Enumeration new