SAP NetWeaver BSP Code Exec via Unauth Injection
CVE-2023-25614 Published on February 14, 2023
SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which leads to a limited impact on the confidentiality and the integrity of the application.
Vulnerability Analysis
CVE-2023-25614 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2023-25614 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2023-25614
stack.watch emails you whenever new vulnerabilities are published in SAP Netweaver Application Server Abap or SAP Netweaver As Abap. Just hit a watch button to start following.
Affected Versions
SAP NetWeaver AS ABAP (BSP Framework):- Version 700 is affected.
- Version 701 is affected.
- Version 702 is affected.
- Version 731 is affected.
- Version 740 is affected.
- Version 750 is affected.
- Version 751 is affected.
- Version 752 is affected.
- Version 753 is affected.
- Version 754 is affected.
- Version 755 is affected.
- Version 756 is affected.
- Version 757 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.