SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user.
2021-06-09T14:15:08.010
2024-11-21T05:48:28.693
Modified
CVSSv3.1: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | sap | netweaver_application_server_abap | 75a | Yes |
| Application | sap | netweaver_application_server_abap | 75f | Yes |
| Application | sap | netweaver_application_server_abap | 700 | Yes |
| Application | sap | netweaver_application_server_abap | 702 | Yes |
| Application | sap | netweaver_application_server_abap | 710 | Yes |
| Application | sap | netweaver_application_server_abap | 711 | Yes |
| Application | sap | netweaver_application_server_abap | 730 | Yes |
| Application | sap | netweaver_application_server_abap | 731 | Yes |
| Application | sap | netweaver_application_server_abap | 750 | Yes |
| Application | sap | netweaver_application_server_abap | 752 | Yes |