mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-12 02:04:49 +00:00
72 lines
2.6 KiB
JSON
72 lines
2.6 KiB
JSON
{
|
|
"id": "CVE-2024-32733",
|
|
"sourceIdentifier": "cna@sap.com",
|
|
"published": "2024-05-14T16:17:10.490",
|
|
"lastModified": "2024-11-21T09:15:35.440",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "\nDue to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify sensitive information with no impact on availability of the application\n\n"
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Debido a la falta de validaci\u00f3n de entrada y codificaci\u00f3n de salida de datos que no son confiables, SAP NetWeaver Application Server ABAP y ABAP Platform permiten que un atacante no autenticado inyecte c\u00f3digo JavaScript malicioso en la p\u00e1gina web manipulada din\u00e1micamente. Si la explotaci\u00f3n tiene \u00e9xito, el atacante puede acceder o modificar informaci\u00f3n confidencial sin impacto en la disponibilidad de la aplicaci\u00f3n."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "cna@sap.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"baseScore": 6.1,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 2.7
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "cna@sap.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://me.sap.com/notes/3450286",
|
|
"source": "cna@sap.com"
|
|
},
|
|
{
|
|
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364",
|
|
"source": "cna@sap.com"
|
|
},
|
|
{
|
|
"url": "https://me.sap.com/notes/3450286",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |