Cross-Site Scripting Vulnerability in SAP Enterprise Threat Detection
CVE-2022-22529

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Enterprise Threat Detection
Vendor: CVE Published:; 14 January 2022

Summary

SAP Enterprise Threat Detection (ETD) version 2.0 is susceptible to a Cross-Site Scripting (XSS) vulnerability due to inadequate encoding of user-controlled inputs. This deficiency enables unauthorized attackers to potentially exploit the system. Although SAP UI5 standard controls are employed in ETD's user interfaces and are designed to provide automated output encoding, the flaw may still allow malicious user inputs to be executed when reflected back in the interface. Organizations using this version of ETD should implement immediate security measures to mitigate the risk of exploitation.

Affected Version(s)

SAP Enterprise Threat Detection 2.0

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3124597

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 14, 2022
Vulnerability Reserved
Jan 4, 2022