CVE-2024-21738 MEDIUM

CVE-2024-21738: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform

Vendor: SAP SE
Product: SAP NetWeaver ABAP Application Server and ABAP Platform
Weakness: CWE-79 · XSS
Published: January 9, 2024
Last update: June 3, 2025

CVSS base score

4.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01 Description

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with low privileges can cause limited impact to the confidentiality of the application data.

Key dates

02 Disclosure timeline

January 9, 2024: CVE published
June 3, 2025: Record updated