SAP NetWeaver Enterprise Portal Vulnerable to Reflected Cross-Site Scripting
CVE-2024-44120

4.7MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Enterprise Portal
Vendor: CVE Published:; 10 September 2024

Summary

SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser.

Affected Version(s)

SAP NetWeaver Enterprise Portal 7.50

References

https://me.sap.com/notes/3498221

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 20, 2024