History: Apr 12, 2022 - 4:11 p.m.

CVE-2022-28770

2022-04-12 16:11:28
CWE-79
sap
www.cve.org
sapui5 library
input validation
unauthenticated
script injection
url
code execution
exploitation
confidentiality
integrity

EPSS: 0.001

Percentile: 35.9%

Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

CNA Affected

[
  {
    "product": "SAPUI5 (vbm library)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "750"
      },
      {
        "status": "affected",
        "version": "753"
      },
      {
        "status": "affected",
        "version": "754"
      },
      {
        "status": "affected",
        "version": "755"
      },
      {
        "status": "affected",
        "version": "756"
      }
    ]
  }
]
