History: Jan 14, 2022 - 7:11 p.m.

CVE-2022-22529

2022-01-14 19:11:30
sap
www.cve.org

EPSS: 0.001 (Low)

Percentile: 33.5%

SAP Enterprise Threat Detection (ETD), version 2.0, does not sufficiently encode user-controlled inputs, which may allow an unauthorized attacker to exploit a cross-site scripting (XSS) vulnerability. The UIs in ETD use SAP UI5 standard controls, and the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Enterprise Threat Detection",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  }
]
