CVE-2022-26105

Опубликовано: 12 апр. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Ссылки

https://launchpad.support.sap.com/#/notes/3163583
Permissions Required
Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory
https://launchpad.support.sap.com/#/notes/3163583
Permissions Required
Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_enterprise_portal:7.10:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_enterprise_portal:7.11:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_enterprise_portal:7.20:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_enterprise_portal:7.30:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_enterprise_portal:7.40:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01324

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jrq4-4399-2q2j