CVE-2023-33984

Cross-Site Scripting (XSS) vulnerability in NetWeaver (Design Time Repository)

Description

SAP NetWeaver (Design Time Repository), version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could lead to a Cross-Site Scripting vulnerability.

Category

CVSS 3.1 score: 6.4
Severity: Medium
EPSS: 0.43%
Vendor Advisory: sap.com
Affected: SAP_SE SAP NetWeaver (Design Time Repository)

Frequently Asked Questions

What is the severity of CVE-2023-33984?
CVE-2023-33984 has been scored as a medium severity vulnerability.

How to fix CVE-2023-33984?
To fix CVE-2023-33984, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As of now, there are no other specific guidelines available.

Is CVE-2023-33984 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2023-33984 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

What software or system is affected by CVE-2023-33984?
CVE-2023-33984 affects SAP_SE SAP NetWeaver (Design Time Repository).

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.