CVE-2022-29618
Severity
6.1 MEDIUM
EPSS
3.1%
top 13.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 14
Latest update: Jun 15
Description
Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-gv2x-f8q9-774h: Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7 (2022-06-15)
CVEList
CVE-2022-29618: Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7 (2022-06-14)