First published: Tue Oct 08 2024
SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability in the KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such a link, the confidentiality and integrity of their web browser session could be compromised.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver (Enterprise Portal) | =7.50 | |
CVE-2024-47594 has a medium severity rating due to its potential for Cross-Site Scripting attacks.
To fix CVE-2024-47594, ensure that user inputs are properly encoded in SAP NetWeaver Enterprise Portal version 7.50.
CVE-2024-47594 affects SAP NetWeaver Enterprise Portal version 7.50.
CVE-2024-47594 enables Cross-Site Scripting attacks, allowing attackers to insert malicious scripts into web pages.
Yes, if exploited, CVE-2024-47594 can facilitate data theft by allowing attackers to execute scripts in the context of a user's session.