← Back

CVE-2022-27656

nvd nist
Published: May 11, 2022Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Affected (21)

Sap
3 products
Netweaver As Abap Kernel
Netweaver As Abap Krnl64uc
Webdispatcher
Configuration A
21 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver As Abap Kernel
Version 7.22
Netweaver As Abap Kernel
Version 7.49
Netweaver As Abap Kernel
Version 7.53
Netweaver As Abap Kernel
Version 7.77
Netweaver As Abap Kernel
Version 7.81
Netweaver As Abap Kernel
Version 7.85
Netweaver As Abap Kernel
Version 7.86
Netweaver As Abap Kernel
Version 7.87
Netweaver As Abap Kernel
Version 8.04
Sap
Netweaver As Abap Krnl64uc
Version 7.22
Netweaver As Abap Krnl64uc
Version 7.22ext
Netweaver As Abap Krnl64uc
Version 7.49
Netweaver As Abap Krnl64uc
Version 7.53
Netweaver As Abap Krnl64uc
Version 8.04
Sap
Webdispatcher
Version 7.22ext
Webdispatcher
Version 7.49
Webdispatcher
Version 7.53
Webdispatcher
Version 7.77
Webdispatcher
Version 7.81
Webdispatcher
Version 7.83
Webdispatcher
Version 7.85

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.