VYPR
Unrated severityNVD Advisory· Published Mar 14, 2023· Updated Feb 27, 2025

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver

CVE-2023-0021

Description

Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.

Affected products

2
  • SAP/Netweaverllm-fuzzy2 versions
    700, 701, 702, 731, 740, 750+ 1 more
    • (no CPE)range: 700, 701, 702, 731, 740, 750
    • (no CPE)range: 700

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.