SAP NetWeaver Application Server ABAP Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in SAP NetWeaver Application Server ABAP, specifically in applications based on Business Server Pages. This vulnerability allows an unauthenticated attacker to create a URL that exploits an unprotected URL parameter, embedding a malicious script. When a victim clicks the link, the injected script is executed in the context of the victim's browser, potentially allowing the attacker to access or modify information. This issue affects the confidentiality and integrity of the application, but does not impact availability.

Impact

Exploitation of this vulnerability could result in reflected cross-site scripting, in which malicious scripts execute in the context of the user's browser.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. Security fixes for SAP NetWeaver based products are delivered with support packages. For information on the latest SAP Security Patch Day, refer to the SAP Security Patch Day Bulletin Archive.
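
The following added example (not SAP code and not part of the original advisory) is a detection sketch for the behaviour described under Vulnerability: it scans HTTP access log lines for requests to Business Server Pages URLs whose query parameters decode to markup. It assumes Common Log Format lines and the standard /sap/bc/bsp/ path; the application name zdemo, the parameter names and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

BSP_PREFIX = "/sap/bc/bsp/"  # ICF path under which BSP applications are served
MANGLED = re.compile(r"^/sap\([^)]*\)")  # BSP URL mangling: /sap(<encoded state>)/bc/bsp/...
# Heuristic: markup or script fragments that a plain parameter value rarely contains.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # CLF request field

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (bounded) so %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return names of query parameters on a BSP URL whose decoded value looks like markup."""
    parts = urlsplit(target)
    path = MANGLED.sub("/sap", parts.path).lower()
    if not path.startswith(BSP_PREFIX):
        return []
    return [name for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if SUSPICIOUS.search(fully_decode(value))]

def scan(lines):
    """Return (line number, parameter names) for each log line worth triaging."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((lineno, hits))
    return findings

# Constructed sample lines (application name zdemo and parameters are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2030:10:00:00 +0000] "GET /sap/bc/bsp/sap/zdemo/main.htm?lang=EN HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2030:10:00:05 +0000] "GET /sap/bc/bsp/sap/zdemo/main.htm?msg=%3Cscript%3E1%3C%2Fscript%3E HTTP/1.1" 200 5180',
    '192.0.2.12 - - [01/Jan/2030:10:00:09 +0000] "GET /sap(bD1lbg==)/bc/bsp/sap/zdemo/main.htm?title=%253Cimg%2520onerror%253D1%253E HTTP/1.1" 200 5200',
    '192.0.2.13 - - [01/Jan/2030:10:00:12 +0000] "GET /sap/public/info?x=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, names in scan(SAMPLE_LOG):
        print(f"line {lineno}: suspicious value in parameter(s) {', '.join(names)}")
```

A hit indicates a request worth triaging, not that a script ran in a browser; the pattern is a heuristic and legitimate parameter values can match it.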

Added: May 12, 2026, 3:29 AM
Updated: May 12, 2026, 3:29 AM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 1.7
exploitability: 5.8
remediation: 8.3
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.