Lucene search
SapCVELIST:CVE-2022-35294HistorySep 13, 2022 - 3:43 p.m.
CVE-2022-35294
2022-09-1315:43:33
CWE-79
sap
www.cve.org
5
attacker
sap netweaver
application server abap
cross-site-scripting
information disclosure
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.
CNA Affected
[
{
"product": "SAP NetWeaver AS ABAP",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "KRNL64NUC 7.22"
},
{
"status": "affected",
"version": "7.22EXT"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "KRNL64UC 7.22"
},
{
"status": "affected",
"version": "7.53"
},
{
"status": "affected",
"version": "KERNEL 7.22"
},
{
"status": "affected",
"version": "7.77"
},
{
"status": "affected",
"version": "7.81"
},
{
"status": "affected",
"version": "7.85"
},
{
"status": "affected",
"version": "7.89"
},
{
"status": "affected",
"version": "7.54"
}
]
}
]Related
prion
prion
Cross site scripting
2022-09-13 16:15:00
cve
cve
CVE-2022-35294
2022-09-13 16:15:08
nvd
nvd
CVE-2022-35294
2022-09-13 16:15:08