First published: Mon Jun 13 2022
Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints and makes it possible to conduct SSRF attacks that could compromise the system's availability by causing the system to crash.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP NetWeaver | =7.20 | |
SAP NetWeaver | =7.30 | |
SAP NetWeaver | =7.31 | |
SAP NetWeaver | =7.40 | |
SAP NetWeaver | =7.50 | |
CVE-2022-28217 is a vulnerability in SAP NetWeaver (EP Web Page Composer) that allows an adversary to exploit unprotected XML parsing and conduct SSRF attacks.
CVE-2022-28217 has a severity rating of 6.5, which is classified as medium.
CVE-2022-28217 affects SAP NetWeaver versions 7.20, 7.30, 7.31, 7.40, and 7.50.
To fix CVE-2022-28217, it is recommended to apply the patches and updates provided by SAP.
More information about CVE-2022-28217 can be found in SAP Note 3148377 and the SAP security advisory.