U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-34687

Change History

New CVE Received by NIST 5/14/2024 12:17:26 PM

Action Type Old Value New Value
Added CVSS V3.1

Added CWE

Added Description

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system.
Added Reference

SAP SE https://me.sap.com/notes/3448445 [No types assigned]
Added Reference

SAP SE https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html [No types assigned]