CVE-2023-24522

moderate-risk

Published 2023-02-14

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.

Do I need to act?

1.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (5)

Netweaver Application Server Abap

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/3269118

Vendor Advisory https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Permissions Required https://launchpad.support.sap.com/#/notes/3269118

Vendor Advisory https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 4/34 · Minimal

Exposure 12/34 · Low