CVE-2022-35226: XSS
First published: Tue Oct 11 2022(Updated: )
SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Data Services | =4.2 | |
| SAP Data Services | =4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-35226?
CVE-2022-35226 is classified as a medium severity vulnerability due to its potential for Cross-Site Scripting (XSS) attacks.
How do I fix CVE-2022-35226?
To fix CVE-2022-35226, ensure that you apply the latest security patches provided by SAP for Data Services versions 4.2 and 4.3.
What types of attacks can CVE-2022-35226 lead to?
CVE-2022-35226 can lead to Cross-Site Scripting attacks, allowing attackers to execute malicious scripts in the context of the user's browser.
Who is affected by CVE-2022-35226?
CVE-2022-35226 affects users of SAP Data Services management console versions 4.2 and 4.3.
What should I monitor for related to CVE-2022-35226?
Monitor any unauthorized access attempts to the SAP Data Services management console and unusual script executions on affected pages.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/sap
- canonical/sap data services
- version/sap data services/4.2
- version/sap data services/4.3