Security Note Cross Site scripting in System Info NWA, SAP security note 1169367

Description

System Info in NWA is not escaping some special characters.

Available fix and Supported packages

LM-CORE | 7.00 | 7.00
LM-CORE | 7.10 | 7.10
SAP-JEE | 6.40 | 6.40
SAP-JEE | 7.00 | 7.01

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1169367

TAGS

#There-is-a-risk-of-cross-site-scripting-through-System-Info-in-NWA.

Explore More

CVE-2025-42944 – Critical Severity Remote Code Execution in SAP NetWeaver RMI-P4

October 14, 2025

Unauthenticated Insecure Deserialization Enabling Complete System Takeover CVSS 10.0 / 10 HotNews Priority No Authentication Remote Code Execution Published: October 14, 2025

CVE-2025-42937 – Critical Directory Traversal Vulnerability in SAP Print Service

October 14, 2025

Unauthenticated Path Traversal Enabling System-Wide File Manipulation CVSS 9.8 HotNews Priority No Authentication Required Published: October 14, 2025 Component: SAPSPRINT 🚨 Maximum

CVE-2025-42910 – Critical Unrestricted File Upload Vulnerability in SAP SRM

October 14, 2025

Deep Analysis of a High-Severity Flaw in SAP Supplier Relationship Management CVSS 9.0 HotNews Priority Published: October 14, 2025 Component: SRMNXP01 🚨

SAP Security Patch Day October 2025 – Critical Updates

October 14, 2025

SAP has released its October 2025 security patch package containing 16 security notes addressing critical vulnerabilities across enterprise SAP environments. This release