SAP NetWeaver Application Server for ABAP Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability has been identified in SAP NetWeaver Application Server for ABAP. This issue allows an unauthenticated attacker to create a URL containing a malicious script and deceive an unauthenticated victim into clicking it, thereby executing the script. Successful exploitation could enable the attacker to access and modify limited information within the victim's browser. This vulnerability does not affect the application's availability.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the victim's browser.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP Security Patch Day, which occurs on the second Tuesday of every month. For more information, consult the SAP Security Notes FAQ.