Lucene search

K
cve[email protected]CVE-2022-29618
HistoryJun 14, 2022 - 7:15 p.m.

CVE-2022-29618

2022-06-1419:15:07
CWE-79
web.nvd.nist.gov
42
6
sap
netweaver
development infrastructure
design time repository
cve-2022-29618
input validation
code injection
browser security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.9%

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Affected configurations

NVD
Node
sapnetweaver_development_infrastructureMatch7.30
OR
sapnetweaver_development_infrastructureMatch7.31
OR
sapnetweaver_development_infrastructureMatch7.40
OR
sapnetweaver_development_infrastructureMatch7.50
VendorProductVersionCPE
sapnetweaver_development_infrastructure7.31cpe:/a:sap:netweaver_development_infrastructure:7.31:::
sapnetweaver_development_infrastructure7.50cpe:/a:sap:netweaver_development_infrastructure:7.50:::
sapnetweaver_development_infrastructure7.30cpe:/a:sap:netweaver_development_infrastructure:7.30:::
sapnetweaver_development_infrastructure7.40cpe:/a:sap:netweaver_development_infrastructure:7.40:::

CNA Affected

[
  {
    "product": "SAP NetWeaver Development Infrastructure (Design Time Repository)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.30"
      },
      {
        "status": "affected",
        "version": "7.31"
      },
      {
        "status": "affected",
        "version": "7.40"
      },
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]

Social References

More

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.9%

Related for CVE-2022-29618