SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability
CVE-2024-47594

5.4MEDIUM

Key Information:

Vendor
SAP
Status
SAP Netweaver Enterprise Portal (kmc)
Vendor
CVE Published:
8 October 2024

Summary

SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised.

Affected Version(s)

SAP NetWeaver Enterprise Portal (KMC) KMC-BC 7.5

References

https://me.sap.com/notes/3503462
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.