Cross-Site Scripting Vulnerability in SAP Enterprise Portal
CVE-2022-35224

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Enterprise Portal
Vendor: CVE Published:; 12 July 2022

Summary

SAP Enterprise Portal versions prior to 7.50 are impacted by an XSS vulnerability due to insufficient encoding of user-controlled inputs. This flaw can lead to the execution of malicious scripts, allowing attackers to compromise user sessions or manipulate portal content, potentially affecting the confidentiality and integrity of user interactions within the portal. Users interacting with the portal are at risk, as exploitation of this vulnerability could allow attackers to deface or alter visible content temporarily, undermining the security of the portal.

Affected Version(s)

SAP Enterprise Portal 7.10

SAP Enterprise Portal 7.11

SAP Enterprise Portal 7.20

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3210779

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 12, 2022
Vulnerability Reserved
Jul 5, 2022