CVE-2022-29618
N/A
N/A
Summary
Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver Development Infrastructure (Design Time Repository) | 7.30 | affected |
| SAP SE | SAP NetWeaver Development Infrastructure (Design Time Repository) | 7.31 | affected |
| SAP SE | SAP NetWeaver Development Infrastructure (Design Time Repository) | 7.40 | affected |
| SAP SE | SAP NetWeaver Development Infrastructure (Design Time Repository) | 7.50 | affected |
Weaknesses
- CWE-79: CWE-79
ADP Enrichment
CVE Program Container
Additional References
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
- https://launchpad.support.sap.com/#/notes/3197927
References
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
- https://launchpad.support.sap.com/#/notes/3197927
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.