CVSS 3.1 Score 5.4 of 10 (medium)


Published Jan 9, 2024
Updated: Jan 11, 2024


CVE-2024-21738 is a Cross-Site Scripting (XSS) vulnerability that affects SAP NetWeaver ABAP Application Server and ABAP Platform. The vulnerability occurs due to insufficient encoding of user-controlled inputs. An attacker with low privileges can exploit this vulnerability to cause limited impact on the confidentiality of the application data. The vulnerability has a moderate risk score of 26 and a base severity rating of MEDIUM. The exploitability score is 2.3, indicating a relatively low difficulty in exploiting the vulnerability. Remediation measures should be taken to address this vulnerability and prevent potential attacks on the affected products, which include various SAP NetWeaver ABAP components and modules.
