SAP NetWeaver Application Server ABAP and ABAP Platform Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability has been identified in SAP NetWeaver Application Server ABAP and ABAP Platform. This issue allows an unauthenticated attacker to inject a malicious script into a dynamically crafted URL. When a victim clicks on this URL, the malicious payload is executed in their browser. Exploitation of this vulnerability enables the attacker to access or modify sensitive information within the context of the victim's web browser, without affecting the application's availability.

Impact

Successful exploitation allows access to or modification of sensitive information in the victim's web browser, without impacting the application's availability.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, where all Security Notes are available. For details on the SAP Security Patch Day and how to access Security Notes, refer to the SAP Security Notes FAQ.