CVE-2022-29610 — Cross-site Scripting in SE SAP Netweaver Application Server Abap

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.4%

top 41.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server Abap SAP Netweaver Application Server Abap

Timeline

PublishedMay 11

Latest updateMay 12

Description

SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_abap4 versions+3

▶NVDsap/netweaver_application4 versions+3

🔴Vulnerability Details

GHSA

GHSA-6v7v-r44c-cv8w: SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored↗2022-05-12

▶

CVEList

CVE-2022-29610: SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored↗2022-05-11

▶