Cross-Site Scripting in SAP Data Services Management
CVE-2022-35226

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Data Services Management Console
Vendor: CVE Published:; 11 October 2022

What is CVE-2022-35226?

The SAP Data Services Management console is vulnerable to Cross-Site Scripting (XSS), enabling attackers to manipulate and inject malicious scripts into the application's response. This vulnerability necessitates user authentication, as an attacker must log in to the management console to exploit it. Only specific pages within the console are affected, making it crucial for users to be aware of potential exploits while accessing these areas.

Affected Version(s)

SAP Data Services Management Console 4.2

SAP Data Services Management Console 4.3

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3167342

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Jul 5, 2022