    2 vulnerabilities found for SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) by SAP_SE (both results are the same record, CVE-2024-45279, listed once from nvd and once from cvelistv5)

    CVE-2024-45279 (GCVE-0-2024-45279)

    Vulnerability from nvd – Published: 2024-09-10 04:29 – Updated: 2024-09-10 13:20
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)
    Summary
    Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    Source: CISA Coordinator (SSVC v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor: SAP_SE
    Product: SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)
    Affected versions: 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, 75I

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45279",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T13:20:24.409522Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T13:20:33.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "75C"
                },
                {
                  "status": "affected",
                  "version": "75D"
                },
                {
                  "status": "affected",
                  "version": "75E"
                },
                {
                  "status": "affected",
                  "version": "75F"
                },
                {
                  "status": "affected",
                  "version": "75G"
                },
                {
                  "status": "affected",
                  "version": "75H"
                },
                {
                  "status": "affected",
                  "version": "75I"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim\u0027s browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim\u0027s browser giving the attacker the ability to access and/or modify information with no effect on availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T04:29:45.830Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3501359"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-45279",
        "datePublished": "2024-09-10T04:29:45.830Z",
        "dateReserved": "2024-08-26T10:39:20.932Z",
        "dateUpdated": "2024-09-10T13:20:33.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45279 (GCVE-0-2024-45279)

    Vulnerability from cvelistv5 – Published: 2024-09-10 04:29 – Updated: 2024-09-10 13:20
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)
    Summary
    Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    Source: CISA Coordinator (SSVC v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor: SAP_SE
    Product: SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)
    Affected versions: 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, 75I

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45279",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T13:20:24.409522Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T13:20:33.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "75C"
                },
                {
                  "status": "affected",
                  "version": "75D"
                },
                {
                  "status": "affected",
                  "version": "75E"
                },
                {
                  "status": "affected",
                  "version": "75F"
                },
                {
                  "status": "affected",
                  "version": "75G"
                },
                {
                  "status": "affected",
                  "version": "75H"
                },
                {
                  "status": "affected",
                  "version": "75I"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim\u0027s browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim\u0027s browser giving the attacker the ability to access and/or modify information with no effect on availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T04:29:45.830Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3501359"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-45279",
        "datePublished": "2024-09-10T04:29:45.830Z",
        "dateReserved": "2024-08-26T10:39:20.932Z",
        "dateUpdated": "2024-09-10T13:20:33.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }