CVE-2022-35226

MEDIUM

SAP Data Services - Authenticated Stored Cross-Site Scripting in Management Console

Title source: llm

Description

SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory

https://launchpad.support.sap.com/#/notes/3167342

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 6.1

EPSS 0.0035

EPSS Percentile 57.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

sap/data_services 4.2

sap/data_services 4.3

Published Oct 11, 2022

Tracked Since Feb 18, 2026