| |
Vulnerability CVE-2024-34687
Published: 2024-05-14
| Description: |
SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
An attacker can control code that is executed within a user??s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user??s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.
|
Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References: |
https://me.sap.com/notes/3448445
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
