CVE-2024-45280

Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3505503
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

10 Sep 2024, 12:09

Type	Values Removed	Values Added
Summary		(es) Debido a la codificación insuficiente de las entradas controladas por el usuario, SAP NetWeaver AS Java permite la ejecución de scripts maliciosos en la aplicación de inicio de sesión. Esto tiene un impacto limitado en la confidencialidad y la integridad de la aplicación. No tiene impacto en la disponibilidad.

10 Sep 2024, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 05:15

Updated : 2024-09-10 12:09

NVD link : CVE-2024-45280

Mitre link : CVE-2024-45280

CVE.ORG link : CVE-2024-45280

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.8 /10