Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3124994 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
27 Oct 2022, 01:10
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
24 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
16 Feb 2022, 21:14
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sap
Sap netweaver |
|
CPE | cpe:2.3:a:sap:netweaver:755:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:701:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:753:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:756:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:752:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:700:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:754:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:740:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:750:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:731:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:751:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:702:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CWE | CWE-79 | |
References | (MISC) https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022 - Vendor Advisory | |
References | (MISC) https://launchpad.support.sap.com/#/notes/3124994 - Permissions Required |
09 Feb 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-09 23:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-22534
Mitre link : CVE-2022-22534
CVE.ORG link : CVE-2022-22534
JSON object : View
Products Affected
sap
- netweaver
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')