CVE-2024-34687

{"id": "CVE-2024-34687", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2024-05-14T16:17:26.143", "references": [{"url": "https://me.sap.com/notes/3448445", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["Patch"], "source": "cna@sap.com"}, {"url": "https://me.sap.com/notes/3448445", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\nAn attacker can control code that is executed within a user\u2019s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user\u2019s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.\n"}, {"lang": "es", "value": "SAP NetWeaver Application Server para ABAP y la plataforma ABAP no codifican suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross Site Scripting (XSS). Un atacante puede controlar el c\u00f3digo que se ejecuta dentro del navegador de un usuario, lo que podr\u00eda dar como resultado la modificaci\u00f3n, la eliminaci\u00f3n de datos, incluido el acceso o la eliminaci\u00f3n de archivos, o el robo de cookies de sesi\u00f3n que un atacante podr\u00eda usar para secuestrar la sesi\u00f3n de un usuario. Por lo tanto, esto podr\u00eda tener un impacto en la confidencialidad, la integridad y la disponibilidad del sistema."}], "lastModified": "2025-10-23T20:28:16.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85616273-040E-49CB-8EB6-D2D4D7B603E5"}, {"criteria": "cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5F2C3A9-DCC0-4FF1-8E68-9EA150E209F6"}, {"criteria": "cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F774A45-2A9F-4873-A5DC-766D030C8CCD"}, {"criteria": "cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3A0A2D6-9259-4A35-A236-F4BEE986C1FD"}, {"criteria": "cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49C3A8E5-FA6A-4EF3-BF50-FD4E1576024F"}, {"criteria": "cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABA8AB4E-3FE6-46A8-847E-660C5DF6CE71"}, {"criteria": "cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DA4A6F0-C0F1-42CB-8BBD-7198064733EA"}, {"criteria": "cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C121CC9-26F6-4103-8EB0-BAFF6B5B5FE8"}, {"criteria": "cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86086D00-10BF-4C55-8D87-82CCBE468153"}, {"criteria": "cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F25246A-D9E5-4F0D-B91A-478D4E5570DB"}, {"criteria": "cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0218695F-C4AD-46BF-B176-F10C644A9C2D"}, {"criteria": "cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC9E7C3E-1005-450A-9198-E014C1BAADBC"}, {"criteria": "cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A177AB1-CC85-46EF-91DF-462096608C9F"}, {"criteria": "cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7591F81-708C-4285-9BB2-F2B4BDB9759B"}, {"criteria": "cpe:2.3:a:sap:sap_basis:795:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD27E9BD-7102-4B8B-A75A-8A94678F8633"}, {"criteria": "cpe:2.3:a:sap:sap_basis:796:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C70D7AC0-0389-4F7A-8ECC-B1BADB02418D"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}