CVE-2022-35227 — Cross-site Scripting in SE SAP Netweaver Enterprise Portal

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 46.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Enterprise Portal SAP Netweaver Enterprise Portal

Timeline

PublishedJul 12

Latest updateJul 13

Description

A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDsap/netweaver_enterprise_portal4 versions+3

▶CVEListV5sap_se/sap_netweaver_enterprise_portal4 versions+3

🔴Vulnerability Details

GHSA

GHSA-v8wf-ggw9-wxph: A vulnerability in SAP NW EP (WPC) - versions 7↗2022-07-13

▶

CVEList

CVE-2022-35227: A vulnerability in SAP NW EP (WPC) - versions 7↗2022-07-12

▶