CVE-2022-29618
MEDIUM
SAP NetWeaver Development Infrastructure 7.30, 7.31, 7.40, 7.50 - Unauthenticated Cross-Site Scripting via URL Injection
Title source: llm
Description
Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3197927
Scores
CVSS v3
6.1
EPSS
0.0313
EPSS Percentile
87.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (4)
sap/netweaver_development_infrastructure
7.30
sap/netweaver_development_infrastructure
7.31
sap/netweaver_development_infrastructure
7.40
sap/netweaver_development_infrastructure
7.50
Published
Jun 14, 2022
Tracked Since
Feb 18, 2026