CVE-2024-47594
published 2024-10-08CVE-2024-47594: SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | netweaver_enterprise_portal | — | — |
| sap_se | sap_netweaver_enterprise_portal | — | — |