Cross-Site Scripting Vulnerability in SAP Web Dispatcher and Internet Communication Manager
CVE-2022-27656

6.1MEDIUM

Key Information:

Vendor

SAP
Status
SAP Netweaver As For Abap And Java (icm Administration Ui)
SAP Web Dispatcher (web Administration Ui)
Vendor
CVE Published:
11 May 2022

What is CVE-2022-27656?

The SAP Web Dispatcher and Internet Communication Manager (ICM) possess a security vulnerability where the web administration user interface fails to adequately encode user-controlled inputs. This shortfall allows attackers to exploit the system, leading to potential Cross-Site Scripting (XSS) attacks that can compromise sensitive data, redirect users, or execute arbitrary scripts within the context of the user's session.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP NetWeaver AS for ABAP and Java (ICM Administration UI) KRNL64NUC 7.22

SAP NetWeaver AS for ABAP and Java (ICM Administration UI) 7.22EXT

SAP NetWeaver AS for ABAP and Java (ICM Administration UI) 7.49

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3145046
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.