CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-0021

Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.5%

CVSS Severity

CVSS v3 Score 6.1

References

https://launchpad.support.sap.com/#/notes/3274920
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3274920
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Products affected by CVE-2023-0021

Sap » Netweaver » Version: 700

cpe:2.3:a:sap:netweaver:700
Sap » Netweaver » Version: 701

cpe:2.3:a:sap:netweaver:701
Sap » Netweaver » Version: 702

cpe:2.3:a:sap:netweaver:702
Sap » Netweaver » Version: 731

cpe:2.3:a:sap:netweaver:731
Sap » Netweaver » Version: 740

cpe:2.3:a:sap:netweaver:740
Sap » Netweaver » Version: 750

cpe:2.3:a:sap:netweaver:750

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-0021

Products

Pricing

Contact Us