CVE-2023-33985

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jun 13, 2023

Updated: Jun 20, 2023

CWE ID 79

Summary

CVE-2023-33985 is a newly discovered vulnerability in SAP NetWeaver Enterprise Portal version 7.50. This issue allows attackers to inject malicious scripts through user-controlled inputs over the network. Consequently, reflected Cross-Site Scripting (XSS) attacks are feasible, expanding the attacker's scope. Successful exploitation may lead to viewing or modifying application information, posing a limited threat to confidentiality and integrity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SAP Net Weaver

Affected Vendors

SAP SE

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rnocel
https://www.cve.org/CVERecord?id=CVE-2023-33985
https://nvd.nist.gov/vuln/detail/CVE-2023-33985

Back to Vulnerability Database