SAP Security Note 3283283 - [CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
Component: BC-ABA-LA (Syntax, Compiler, Runtime), Version: 5, Released On: 10.01.2023
Printed from: https://userapps.support.sap.com/sap/support/sfm/notes/print/0003283283?language=E

Symptom
The ABAP Keyword Documentation of SAP NetWeaver Application Server for ABAP and ABAP Platform does not sufficiently encode user controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.

Other Terms
XSS, reflected XSS, CSS, CVE-2023-0013 (https://www.cve.org/CVERecord?id=CVE-2023-0013)

Reason and Prerequisites
The URL for the web version of the ABAP keyword documentation is not sufficiently protected against illegal path extensions. Such path extensions are possible since the Internet Communication Framework allows longer URLs than necessary for the ABAP Keyword Documentation.

Solution
By this correction invalid path specifications are rejected. Please implement the Support Package mentioned in this SAP Note or the respective correction instruction.

Manual Activities
(none)

CVSS
CVSS Score: 6.1
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector (AV)           Network (N)
Attack Complexity (AC)       Low (L)
Privileges Required (PR)     None (N)
User Interaction (UI)        Required (R)
Scope (S)                    Changed (C)
Confidentiality Impact (C)   Low (L)
Integrity Impact (I)         Low (L)
Availability Impact (A)      None (N)

SAP provides this CVSS v3.0 base score as an estimate of the risk posed by the issue reported in this note. This estimate does not take into account your own system configuration or operational environment. It is not intended to replace any risk assessments you are advised to conduct when deciding on the applicability or priority of this SAP security note. For more information, see the FAQ section at https://support.sap.com/securitynotes

Attributes
Key                  Value
Externally Reported  Yes

Software Components
Software Component   From   To   And subsequent
SAP_BASIS
SAP_BASIS
SAP_BASIS
SAP_BASIS

Correction Instructions
Software Component   Number of Correction Instructions
SAP_BASIS            https://launchpad.support.sap.com/#/corrins/0003283283/41
SAP_BASIS
SAP_BASIS
SAP_BASIS

Prerequisites
From   To    SAP Note/KBA                            Title                                                                              Component
750    750   2996479 (/sap/support/notes/2996479)    [CVE-2020-26835] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP   BC-ABA-LA
751    751   2996479 (/sap/support/notes/2996479)    [CVE-2020-26835] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP   BC-ABA-LA
752    752   2996479 (/sap/support/notes/2996479)    [CVE-2020-26835] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP   BC-ABA-LA
753    753   2996479 (/sap/support/notes/2996479)    [CVE-2020-26835] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP   BC-ABA-LA

Support Package
Software Component   Version   Support Package
SAP_BASIS            702       SAPKB70226 (https://launchpad.support.sap.com/#/supportpackage/SAPKB70226)
SAP_BASIS            731       SAPKB73133 (https://launchpad.support.sap.com/#/supportpackage/SAPKB73133)
SAP_BASIS            740       SAPKB74030 (https://launchpad.support.sap.com/#/supportpackage/SAPKB74030)
SAP_BASIS            750       SAPK-75027INSAPBASIS (https://launchpad.support.sap.com/#/supportpackage/SAPK-75027INSAPBASIS)
SAP_BASIS            751       SAPK-75116INSAPBASIS (https://launchpad.support.sap.com/#/supportpackage/SAPK-75116INSAPBASIS)
SAP_BASIS            752       SAPK-75212INSAPBASIS (https://launchpad.support.sap.com/#/supportpackage/SAPK-75212INSAPBASIS)
SAP_BASIS            753       SAPK-75310INSAPBASIS (https://launchpad.support.sap.com/#/supportpackage/SAPK-75310INSAPBASIS)
SAP_BASIS            754       SAPK-75408INSAPBASIS (https://launchpad.support.sap.com/#/supportpackage/SAPK-75408INSAPBASIS)
SAP_BASIS            755       SAPK-75506INSAPBASIS (https://launchpad.support.sap.com/#/supportpackage/SAPK-75506INSAPBASIS)
SAP_BASIS            756       SAPK-75604INSAPBASIS (https://launchpad.support.sap.com/#/supportpackage/SAPK-75604INSAPBASIS)
SAP_BASIS            757       SAPK-75702INSAPBASIS (https://launchpad.support.sap.com/#/supportpackage/SAPK-75702INSAPBASIS)

This document is referenced by
SAP Note/KBA   Title
(none)