{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T22:05:28.044","vulnerabilities":[{"cve":{"id":"CVE-2024-21738","sourceIdentifier":"cna@sap.com","published":"2024-01-09T02:15:46.020","lastModified":"2024-11-21T08:54:54.690","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.\n\n"},{"lang":"es","value":"SAP NetWeaver ABAP Application Server y ABAP Platform no codifican suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS). Un atacante con pocos privilegios puede causar un impacto limitado en la confidencialidad de los datos de la aplicación después de una explotación exitosa."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:79:*:*:*:sap_basis:*:*:*","matchCriteriaId":"7E795D39-9D29-4CFC-BDB7-5E990A386647"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*","matchCriteriaId":"6F048ED9-2DDF-4EB9-8571-73832AFABF6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:*","matchCriteriaId":"C37DC475-6B9A-493C-9A6F-28CDD65D2A5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*","matchCriteriaId":"2BD9FE51-F76C-439A-A3C0-5279EC1059F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*","matchCriteriaId":"4EB54432-0E1A-45F2-BEE1-8DC28FAADA9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*","matchCriteriaId":"8E96C58C-ED44-487B-A67E-FDAE3C29023A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*","matchCriteriaId":"A14DF5EB-B8CE-4A47-9959-2F65A5DCEF5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:sap_basis:*:*:*","matchCriteriaId":"3E0CA53D-4335-4872-B527-30802E31B893"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:*","matchCriteriaId":"419BA423-0803-4F51-8889-014A521F02CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:*","matchCriteriaId":"DA20ECDC-8807-462C-A0F0-70DF6F5A119B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:*","matchCriteriaId":"800AAC21-325C-4F16-AE5A-9F89327E5356"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:*","matchCriteriaId":"BDC15DB7-A95B-475F-AAA6-60A801F65690"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:*","matchCriteriaId":"55A2FECF-A32E-4188-9563-E8BA0E952261"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:*","matchCriteriaId":"9CBF2E53-17F0-4BF0-9C38-749C7E611BF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_basis:*:*:*","matchCriteriaId":"5160572B-E3AB-4B96-8950-07DDAFA0E4A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:793:*:*:*:sap_basis:*:*:*","matchCriteriaId":"AB104F44-D209-41D3-AE25-A5A4A8CE3323"}]}]}],"references":[{"url":"https://me.sap.com/notes/3387737","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://me.sap.com/notes/3387737","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}