SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data displayed in the client�s browser. This results in a high impact on confidentiality, low impact on integrity with no impact on availability of the application.
| Vendor | Product | Versions |
|---|---|---|
| sap | sap netweaver application server java(configuration wizard) | LMCTC 7.50 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| sap | sap software | cert_advisory | 90% |
Updated severity to CRITICAL and marked the vulnerability as actively exploited.
Initial creation