CVE-2022-39799: Cross-site Scripting in SE SAP Netweaver AS Abap

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.5% (top 35.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 13; Latest update Sep 14

Description

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in a reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

NVD: sap/netweaver_application (5 versions, +4)
CVEListV5: sap_se/sap_netweaver_as_abap (5 versions, +4)

Vulnerability Details (2)

GHSA, 2022-09-14: GHSA-2gh9-j675-j2ff: An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cros
CVEList, 2022-09-13: CVE-2022-39799: An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cros