CVE-2024-22128 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML

🗓️ 13 Feb 2024 02:02:14Reported by sapType

CVE-2024-22128 SAP NWBC HTML XSS vulnerabilit

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2024-22128	13 Feb 202402:15	–	attackerkb
BDU FSTEC	The vulnerability of the single interface for SAP NetWeaver Business Client, which exists due to the lack of measures taken to protect the structure of the web page, allows attackers to carry out cross-site scripting attacks.	14 Jun 202400:00	–	bdu_fstec
Circl	CVE-2024-22128	13 Feb 202403:21	–	circl
CNNVD	SAP NetWeaver Business Client for HTML Cross-Site Scripting Vulnerability	13 Feb 202400:00	–	cnnvd
CVE	CVE-2024-22128	13 Feb 202402:02	–	cve
EUVD	EUVD-2024-19724	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	15 Feb 202400:00	–	ncsc
NVD	CVE-2024-22128	13 Feb 202402:15	–	nvd
OSV	CVE-2024-22128	13 Feb 202402:15	–	osv
Prion	Cross site scripting	13 Feb 202402:15	–	prion

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver Business Client for HTML",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_UI 754"
      },
      {
        "status": "affected",
        "version": "SAP_UI 755"
      },
      {
        "status": "affected",
        "version": "SAP_UI 756"
      },
      {
        "status": "affected",
        "version": "SAP_UI 757"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 700"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 701"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 702"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 731"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3396109
sap	www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

25 Feb 2026 09:45Current

5Medium risk

Vulners AI Score5

CVSS 3.14.7

EPSS0.00351

CWE-79