CVE-2022-32247
MEDIUMSAP NetWeaver Enterprise Portal 7.10-7.50 - Unauthenticated Cross-Site Scripting
Title source: llmDescription
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3209557
Scores
CVSS v3
6.1
EPSS
0.0179
EPSS Percentile
83.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (7)
sap/netweaver_enterprise_portal
7.10
sap/netweaver_enterprise_portal
7.11
sap/netweaver_enterprise_portal
7.20
sap/netweaver_enterprise_portal
7.30
sap/netweaver_enterprise_portal
7.31
sap/netweaver_enterprise_portal
7.40
sap/netweaver_enterprise_portal
7.50
Published
Jul 12, 2022
Tracked Since
Feb 18, 2026