CVE-2022-22534
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
09/02/2022
Last modified:
27/10/2022
Description
Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:netweaver:700:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:701:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:702:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:731:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:740:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:750:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:751:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:752:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:753:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:754:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:755:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:756:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page