Lucene search

SapCVE-2022-32247

HistoryJul 12, 2022 - 9:15 p.m.

CVE-2022-32247

2022-07-1221:15:10

CWE-79

sap

web.nvd.nist.gov

sap

netweaver

enterprise portal

cve-2022-32247

security

script execution

vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.9%

JSON

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Affected configurations

Nvd

Node

sapnetweaver_enterprise_portalMatch7.10

sapnetweaver_enterprise_portalMatch7.11

sapnetweaver_enterprise_portalMatch7.20

sapnetweaver_enterprise_portalMatch7.30

sapnetweaver_enterprise_portalMatch7.31

sapnetweaver_enterprise_portalMatch7.40

sapnetweaver_enterprise_portalMatch7.50

VendorProductVersionCPE
sapnetweaver_enterprise_portal7.10cpe:2.3:a:sap:netweaver_enterprise_portal:7.10:*:*:*:*:*:*:*
sapnetweaver_enterprise_portal7.11cpe:2.3:a:sap:netweaver_enterprise_portal:7.11:*:*:*:*:*:*:*
sapnetweaver_enterprise_portal7.20cpe:2.3:a:sap:netweaver_enterprise_portal:7.20:*:*:*:*:*:*:*
sapnetweaver_enterprise_portal7.30cpe:2.3:a:sap:netweaver_enterprise_portal:7.30:*:*:*:*:*:*:*
sapnetweaver_enterprise_portal7.31cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:*:*:*:*:*:*:*
sapnetweaver_enterprise_portal7.40cpe:2.3:a:sap:netweaver_enterprise_portal:7.40:*:*:*:*:*:*:*
sapnetweaver_enterprise_portal7.50cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver_enterprise_portal	7.10	cpe:2.3:a:sap:netweaver_enterprise_portal:7.10:::::::*
sap	netweaver_enterprise_portal	7.11	cpe:2.3:a:sap:netweaver_enterprise_portal:7.11:::::::*
sap	netweaver_enterprise_portal	7.20	cpe:2.3:a:sap:netweaver_enterprise_portal:7.20:::::::*
sap	netweaver_enterprise_portal	7.30	cpe:2.3:a:sap:netweaver_enterprise_portal:7.30:::::::*
sap	netweaver_enterprise_portal	7.31	cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:::::::*
sap	netweaver_enterprise_portal	7.40	cpe:2.3:a:sap:netweaver_enterprise_portal:7.40:::::::*
sap	netweaver_enterprise_portal	7.50	cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:::::::*

CNA Affected

[
  {
    "product": "SAP NetWeaver Enterprise Portal",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.10"
      },
      {
        "status": "affected",
        "version": "7.11"
      },
      {
        "status": "affected",
        "version": "7.20"
      },
      {
        "status": "affected",
        "version": "7.30"
      },
      {
        "status": "affected",
        "version": "7.31"
      },
      {
        "status": "affected",
        "version": "7.40"
      },
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3209557

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Social References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.9%

JSON

Related for CVE-2022-32247