CVE-2024-34687 Information

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser which could result in modification deletion of data including accessing or deleting files or stealing session cookies which an attacker could use to hijack a user’s session. Hence this could have impact on Confidentiality Integrity and Availability of the system.

Reference

https://me.sap.com/notes/3448445 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html