Lucene search

K
cvelistSapCVELIST:CVE-2022-29618
HistoryJun 14, 2022 - 6:35 p.m.

CVE-2022-29618

2022-06-1418:35:37
CWE-79
sap
www.cve.org
1
sap netweaver
input validation
code injection
integrity
confidentiality

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

35.9%

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

CNA Affected

[
  {
    "product": "SAP NetWeaver Development Infrastructure (Design Time Repository)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.30"
      },
      {
        "status": "affected",
        "version": "7.31"
      },
      {
        "status": "affected",
        "version": "7.40"
      },
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

35.9%

Related for CVELIST:CVE-2022-29618