Stored Cross-Site Scripting Vulnerability in SAP Enable Now
CVE-2022-35297

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Enable Now
Vendor: CVE Published:; 11 October 2022

What is CVE-2022-35297?

SAP Enable Now has a vulnerability arising from inadequate encoding of user-controlled inputs during network transmission. This flaw allows attackers to manipulate the content delivered to other users, leading to a Stored Cross-Site Scripting (XSS) scenario. The unfiltered data can be leveraged to execute malicious scripts in the context of an unsuspecting user’s session, potentially compromising the confidentiality, integrity, and availability of affected systems. Organizations using SAP Enable Now should prioritize the implementation of proper input encoding practices to mitigate this risk.

Affected Version(s)

SAP Enable Now 10

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3049899

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Jul 7, 2022