CVE-2022-32247: XSS
First published: Tue Jul 12 2022(Updated: )
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver (Enterprise Portal) | =7.10 | |
| SAP NetWeaver (Enterprise Portal) | =7.11 | |
| SAP NetWeaver (Enterprise Portal) | =7.20 | |
| SAP NetWeaver (Enterprise Portal) | =7.30 | |
| SAP NetWeaver (Enterprise Portal) | =7.31 | |
| SAP NetWeaver (Enterprise Portal) | =7.40 | |
| SAP NetWeaver (Enterprise Portal) | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver (enterprise portal)
- version/sap netweaver (enterprise portal)/7.10
- version/sap netweaver (enterprise portal)/7.11
- version/sap netweaver (enterprise portal)/7.20
- version/sap netweaver (enterprise portal)/7.30
- version/sap netweaver (enterprise portal)/7.31
- version/sap netweaver (enterprise portal)/7.40
- version/sap netweaver (enterprise portal)/7.50