CVE-2024-22128

Published: Feb 13, 2024Modified: Feb 25, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation.

Affected (9)

Products: Sap: Netweaver Business Client For Html

Sap

1 product

Netweaver Business Client For Html

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Business Client For Html	Version sap_basis_700
Sap Netweaver Business Client For Html	Version sap_basis_701
Sap Netweaver Business Client For Html	Version sap_basis_702
Sap Netweaver Business Client For Html	Version sap_basis_731
Sap Netweaver Business Client For Html	Version sap_ui_754
Sap Netweaver Business Client For Html	Version sap_ui_755
Sap Netweaver Business Client For Html	Version sap_ui_756
Sap Netweaver Business Client For Html	Version sap_ui_757
Sap Netweaver Business Client For Html	Version sap_ui_758