CVE-2023-33984

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jun 13, 2023

Updated: Jun 20, 2023

CWE ID 79

Summary

CVE-2023-33984 is a vulnerability affecting SAP NetWeaver (Design Time Repository) version 7.50. An attacker, who has already gained authorized access, can exploit this issue by sending a link to a victim containing a file with a malicious content. The repository returns an unfavorable content type for some versioned files, making it possible for the attacker to bypass security measures. This vulnerability increases the risk of Cross-Site Scripting attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SAP Net Weaver

Affected Vendors

SAP SE

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rnq2Iq
https://www.cve.org/CVERecord?id=CVE-2023-33984
https://nvd.nist.gov/vuln/detail/CVE-2023-33984

Back to Vulnerability Database