SAP NetWeaver Application Server ABAP Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in SAP NetWeaver Application Server ABAP. The issue arises because the application does not properly encode user-controlled inputs, allowing an attacker to inject malicious JavaScript into a website. This injected script is executed when a user visits the compromised page, potentially compromising the confidentiality and integrity of the user's browser session.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user visiting the affected page.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically during the monthly SAP Security Patch Day.