SAP NetWeaver Application Server ABAP and ABAP Platform Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability has been identified in SAP NetWeaver Application Server ABAP and ABAP Platform. This issue allows an unauthenticated attacker to create a malicious link that, when clicked by an authenticated user, injects data into the website's page generation process. The injected content is then executed in the victim's browser, leading to a low impact on confidentiality and integrity, with no effect on the application's availability.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user's browser.

Remediation

Users are advised to review and implement the latest SAP Security Notes. Security fixes for SAP NetWeaver based products are delivered with the support packages. For information on the latest SAP Security Patch Day Notes, refer to the SAP Security Patch Day Bulletin Archive.