CVE-2022-39799

Summary

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)KERNEL 7.77affected
SAP SESAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)7.81affected
SAP SESAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)7.85affected
SAP SESAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)7.89affected
SAP SESAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)7.54affected

Weaknesses

  • CWE-79: CWE-79

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References