SAP NetWeaver Application Server ABAP CSS Injection Vulnerability

Vulnerability

A vulnerability in SAP NetWeaver Application Server ABAP allows for the injection of custom Cascading Style Sheets (CSS) into web pages served by the application. This issue arises from improper input handling under certain conditions. When a user accesses the affected page, the injected CSS is executed. The vulnerability has a low impact on confidentiality and does not affect integrity or availability.

Impact

Exploitation of this vulnerability allows for the injection and execution of custom CSS, which could be used to manipulate the appearance of the web page or potentially exploit other vulnerabilities, such as Cross-Site Scripting (XSS).

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying patches or updates. Security fixes for SAP NetWeaver based products are delivered with the support packages. For information on the latest SAP Security Patch Day, refer to the SAP Security Patch Day Bulletin.

Added: May 14, 2026, 7:40 PM
Updated: May 14, 2026, 7:40 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 1.0
exploitability: 4.6
remediation: 6.0
relevance: 8.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.