CVE-2023-0021 MEDIUM

CVE-2023-0021: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver

Vendor Sap_Se

Product SAP NetWeaver

Weakness CWE-79 · XSS

Published March 14, 2023

Last update February 27, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.

Key dates

02Disclosure timeline

March 14, 2023 CVE published

February 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0021 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2023-0021

CWE CWE-79

CVSS 6.1 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAP NetWeaver

Affected 700

Vendor Sap_Se

Product SAP NetWeaver

Affected 701

Vendor Sap_Se

Product SAP NetWeaver

Affected 702

Vendor Sap_Se

Product SAP NetWeaver

Affected 731

Vendor Sap_Se

Product SAP NetWeaver

Affected 740

Vendor Sap_Se

Product SAP NetWeaver

Affected 750

CVE-2023-0021: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver

01Description

02Disclosure timeline

03References

04Related CVE