CVE-2022-29618: XSS
First published: Tue Jun 14 2022(Updated: )
Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Development Infrastructure | =7.30 | |
| SAP NetWeaver Development Infrastructure | =7.31 | |
| SAP NetWeaver Development Infrastructure | =7.40 | |
| SAP NetWeaver Development Infrastructure | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap netweaver development infrastructure
- version/sap netweaver development infrastructure/7.30
- version/sap netweaver development infrastructure/7.31
- version/sap netweaver development infrastructure/7.40
- version/sap netweaver development infrastructure/7.50