Cross-Site Scripting Vulnerability in SAP NW EP by SAP
CVE-2022-35227

6.1 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 12 July 2022

Summary

A vulnerability identified in SAP NW EP (WPC) across several versions (7.30, 7.31, 7.40, 7.50) arises from insufficient validation of user-controlled input. This flaw can enable remote attackers to perform Cross-Site Scripting (XSS) attacks, potentially allowing them to execute arbitrary script code. Such exploitation could result in the theft or unauthorized alteration of sensitive authentication information from users, impacting their current sessions and compromising the integrity of their data.

Affected Version(s)

SAP NetWeaver Enterprise Portal (WPC) 7.30

SAP NetWeaver Enterprise Portal (WPC) 7.31

SAP NetWeaver Enterprise Portal (WPC) 7.40

References

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
