THREATINT

CVE
PUBLISHED

CVE-2024-22126

Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application)

Assigner: sap
Reserved: 2024-01-05
Published: 2024-02-13
Updated: 2024-07-09

Description

The User Admin application of SAP NetWeaver AS for Java - version 7.50 insufficiently validates and improperly encodes the incoming URL parameters before including them in the redirect URL. This results in a Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.



HIGH: 8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status: unaffected
Version 7.50: affected

References

https://me.sap.com/notes/3417627

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

cve.org CVE-2024-22126

nvd.nist.gov CVE-2024-22126
