CVE-2022-35294

🗓️ 13 Sep 2022 15:43:33Reported by sapType

An attacker could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, resulting in a stored Cross-Site-Scripting attack and potential information disclosure

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2022-35294	13 Sep 202216:15	–	attackerkb
Circl	CVE-2022-35294	13 Sep 202220:25	–	circl
CNNVD	SAP NetWeaver Application Server 跨站脚本漏洞	13 Sep 202200:00	–	cnnvd
CVE	CVE-2022-35294	13 Sep 202215:43	–	cve
EUVD	EUVD-2022-38184	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	14 Sep 202200:00	–	ncsc
NVD	CVE-2022-35294	13 Sep 202216:15	–	nvd
OSV	CVE-2022-35294	13 Sep 202216:15	–	osv
Prion	Cross site scripting	13 Sep 202216:15	–	prion
Positive Technologies	PT-2022-22693 · Sap · Sap Netweaver Application Server Abap	13 Sep 202200:00	–	ptsecurity

[
  {
    "product": "SAP NetWeaver AS ABAP",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "KRNL64NUC 7.22"
      },
      {
        "status": "affected",
        "version": "7.22EXT"
      },
      {
        "status": "affected",
        "version": "7.49"
      },
      {
        "status": "affected",
        "version": "KRNL64UC 7.22"
      },
      {
        "status": "affected",
        "version": "7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.22"
      },
      {
        "status": "affected",
        "version": "7.77"
      },
      {
        "status": "affected",
        "version": "7.81"
      },
      {
        "status": "affected",
        "version": "7.85"
      },
      {
        "status": "affected",
        "version": "7.89"
      },
      {
        "status": "affected",
        "version": "7.54"
      }
    ]
  }
]

Source	Link
sap	www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
launchpad	www.launchpad.support.sap.com/

21 Sep 2022 18:48Current

5.7Medium risk

Vulners AI Score5.7

EPSS0.00379

CWE-79