Cross-Site Scripting Vulnerability in SAP NetWeaver Enterprise Portal by SAP
CVE-2022-35298

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Enterprise Portal (kmc)
Vendor: CVE Published:; 13 September 2022

Summary

SAP NetWeaver Enterprise Portal (KMC) version 7.50 presents a vulnerability that fails to adequately encode user input, making it prone to Cross-Site Scripting (XSS) attacks. This flaw allows attackers to craft malicious scripts that, when executed by users within the portal, could jeopardize the confidentiality and integrity of their web browser sessions. Such a security lapse emphasizes the necessity for proper input encoding to safeguard against unauthorized script execution.

Affected Version(s)

SAP NetWeaver Enterprise Portal (KMC) 7.50

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3219164

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 13, 2022
Vulnerability Reserved
Jul 7, 2022