CVE-2022-35227

A vulnerability in SAP NW EP WPC - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site XSS scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to...

CVE-2022-28217

Some part of SAP NetWeaver EP Web Page Composer does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system�s Availability by...

Server side request forgery (ssrf)

Some part of SAP NetWeaver EP Web Page Composer does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system?s Availability by...

CVE-2022-28217

CVE-2022-28217 affects SAP NetWeaver (EP Web Page Composer). Multiple connected documents describe a vulnerability where an XML document from an untrusted source is not sufficiently validated, enabling unprotected XML parking at endpoints and a potential SSRF attack that could impact availability...

CVE-2022-28217

Some part of SAP NetWeaver EP Web Page Composer does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system�s Availability by...

SAP NetWeaver K.M. Web Page Composer URI Redirection Vulnerability

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A URI redirection vulnerability exists in SAP NetWeaver K.M. Web Page Composer due to the application failing to...