Reflected Cross-Site Scripting Vulnerability in SAP NetWeaver Enterprise Portal
CVE-2022-35225

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Enterprise Portal
Vendor: CVE Published:; 12 July 2022

Summary

SAP NetWeaver Enterprise Portal versions 7.10 to 7.50 exhibit a reflected Cross-Site Scripting (XSS) vulnerability due to the inadequate encoding of user-controlled inputs when transmitted over the network. This flaw may potentially alter the scope of an attack, enabling malicious actors to exploit it. Although the primary impact relates to limited confidentiality and integrity of data, it poses a threat to user sessions and can lead to unauthorized data access.

Affected Version(s)

SAP NetWeaver Enterprise Portal 7.10

SAP NetWeaver Enterprise Portal 7.11

SAP NetWeaver Enterprise Portal 7.20

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3208880

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 12, 2022
Vulnerability Reserved
Jul 5, 2022