CVE-2022-27656

Summary

The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)KRNL64NUC 7.22affected
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)7.22EXTaffected
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)7.49affected
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)KRNL64 8.04affected
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)7.22affected
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)7.53affected
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)KERNEL 7.22affected
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)8.04affected
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)7.77affected
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)7.81affected
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)7.85affected
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)7.86affected
SAP SESAP NetWeaver AS for ABAP and Java (ICM Administration UI)7.87affected
SAP SESAP Web Dispatcher (Web Administration UI)7.49affected
SAP SESAP Web Dispatcher (Web Administration UI)7.53affected
SAP SESAP Web Dispatcher (Web Administration UI)7.77affected
SAP SESAP Web Dispatcher (Web Administration UI)7.81affected
SAP SESAP Web Dispatcher (Web Administration UI)7.85affected
SAP SESAP Web Dispatcher (Web Administration UI)7.22_EXTaffected

Weaknesses

  • CWE-79: CWE-79

ADP Enrichment

CVE Program Container

Additional References

References