CVE-2022-35294

Published Sep 13, 2022

Last updated 2 years ago

CVSS medium 5.4

Overview

Description: An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-79
nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF64539B-0DE2-4076-91B9-F03F4DDFAE2F"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FBC5614-7C3F-4AD8-8640-0499B8B03C64"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E8CB869-C342-4362-9A4A-298F0B5F4003"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.54:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92EBF7BA-BB05-4946-9CA8-E170AB80ECA3"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89E7439E-F4D6-45EA-99FC-C9B34D4D590E"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "252DCEF2-8DDF-467F-8869-B69A0A3426F8"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.85:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BC578BE-2308-491E-9D56-6B45AFF0FCFA"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.89:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C5C5010-9631-4C70-AD90-A0D16B03BFA5"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C07042F-C47F-441E-AB32-B58A066909E2"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2D5BECF-C4BA-44C7-9AD7-56865DD9AD60"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23257C18-B75C-471C-9EAF-1E86DEE845FA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References