CVE-2022-28770

Summary

Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAP SESAPUI5 (vbm library)750affected
SAP SESAPUI5 (vbm library)753affected
SAP SESAPUI5 (vbm library)754affected
SAP SESAPUI5 (vbm library)755affected
SAP SESAPUI5 (vbm library)756affected

Weaknesses

  • CWE-79: CWE-79

ADP Enrichment

CVE Program Container

Additional References

References