Reflected Cross-Site Scripting Vulnerability in SAP NetWeaver Enterprise Portal
CVE-2022-24395
6.1MEDIUM
What is CVE-2022-24395?
SAP NetWeaver Enterprise Portal versions 7.10 through 7.50 are susceptible to a reflected Cross-Site Scripting (XSS) vulnerability due to improper encoding of user inputs. This flaw allows an attacker to execute arbitrary scripts in the context of the user's session, potentially leading to data theft or session hijacking. It is essential for users of these versions to implement security updates and necessary safeguards as outlined by SAP to mitigate the risks associated with this vulnerability.
Affected Version(s)
SAP NetWeaver Enterprise Portal < 7.10 < 7.10
SAP NetWeaver Enterprise Portal < 7.11 < 7.11
SAP NetWeaver Enterprise Portal < 7.20 < 7.20