Description
SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/3124597
Scores
CVSS v3
6.1
EPSS
0.0037
EPSS Percentile
59.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
sap/enterprise_threat_detection
2.0
Published
Jan 14, 2022
Tracked Since
Feb 18, 2026