Lucene search

[email protected]CVE-2022-35226

HistoryOct 11, 2022 - 9:15 p.m.

CVE-2022-35226

2022-10-1121:15:12

CWE-79

[email protected]

web.nvd.nist.gov

sap

data services

management

copy

cross-site scripting

vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.7%

JSON

SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application’s immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console.

Affected configurations

NVD

Node

sapdata_servicesMatch4.2

sapdata_servicesMatch4.3

CPENameOperatorVersion
sap:data_servicessap data serviceseq4.2
sap:data_servicessap data serviceseq4.3

CPE	Name	Operator	Version
sap:data_services	sap data services	eq	4.2
sap:data_services	sap data services	eq	4.3

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Data Services Management Console",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "4.2"
      },
      {
        "status": "affected",
        "version": "4.3"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3167342

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Social References

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.7%

JSON

Related for CVE-2022-35226

nvd1 prion1 cnvd1 cvelist1