{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T01:23:08.273","vulnerabilities":[{"cve":{"id":"CVE-2023-0021","sourceIdentifier":"cna@sap.com","published":"2023-03-14T05:15:28.367","lastModified":"2024-11-21T07:36:24.610","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.\n\n"}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver:700:*:*:*:*:*:*:*","matchCriteriaId":"A7FED49E-6F9A-494A-9226-1059249960A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver:701:*:*:*:*:*:*:*","matchCriteriaId":"4836C36D-242F-4818-81B4-C170959D02F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver:702:*:*:*:*:*:*:*","matchCriteriaId":"6A503ABF-8655-40D7-96AD-2D7F19A673AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver:731:*:*:*:*:*:*:*","matchCriteriaId":"8A9D5C5A-6963-438B-B0EA-2A621A34D8A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver:740:*:*:*:*:*:*:*","matchCriteriaId":"BFFA1591-0304-4FAE-A6A7-72D04D1F41A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver:750:*:*:*:*:*:*:*","matchCriteriaId":"7940A9AF-308E-4CE5-BA19-7A3DCF49F644"}]}]}],"references":[{"url":"https://launchpad.support.sap.com/#/notes/3274920","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/3274920","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}