SAP NetWeaver Application Server ABAP DOM-Based Cross-Site Scripting Vulnerability

A DOM-based Cross-Site Scripting vulnerability has been identified in SAP NetWeaver Application Server ABAP. This issue arises because the application does not adequately encode user-controlled inputs, allowing an attacker to create a malicious web message that targets WEBGUI functionality. Exploitation of this vulnerability enables the execution of harmful JavaScript in the context of the victim's browser, potentially compromising their data or altering browser content. The vulnerability affects users with no special privileges.

Impact

Successful exploitation allows for the execution of malicious JavaScript in the victim's browser, potentially leading to unauthorized data access or manipulation of browser content.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically during the monthly SAP Security Patch Day.