Lucene search
SapCVELIST:CVE-2022-28217HistoryJun 13, 2022 - 4:04 p.m.
CVE-2022-28217
2022-06-1316:04:01
CWE-918
sap
www.cve.org
0.001 Low
EPSS
Percentile
35.2%
Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise systemοΏ½s Availability by causing system to crash.
CNA Affected
[
{
"product": "SAP NetWeaver (EP Web Page Composer)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.30"
},
{
"status": "affected",
"version": "7.31"
},
{
"status": "affected",
"version": "7.40"
},
{
"status": "affected",
"version": "7.50"
}
]
}
]Related
cve
cve
CVE-2022-28217
2022-06-13 17:15:10
nvd
nvd
CVE-2022-28217
2022-06-13 17:15:10
cnvd
cnvd
SAP NetWeaver Code Issue Vulnerability (CNVD-2022-56261)
2022-07-01 00:00:00
prion
prion
Server side request forgery (ssrf)
2022-06-13 17:15:00