An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap netweaver application server abap krnl64nuc_7.22 |
||
sap netweaver application server abap kernel_7.22 |
||
sap netweaver application server abap krnl64uc_7.22 |
||
sap netweaver application server abap 7.49 |
||
sap netweaver application server abap 7.53 |
||
sap netweaver application server abap 7.77 |
||
sap netweaver application server abap 7.81 |
||
sap netweaver application server abap 7.22ext |
||
sap netweaver application server abap 7.85 |
||
sap netweaver application server abap 7.89 |
||
sap netweaver application server abap 7.54 |