CVE-2024-22128

Published Feb 13, 2024

Last updated 4 months ago

CVSS medium 6.1

Overview

Description: SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_700:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78C94A50-17DD-4206-9861-E4406C7CFEDB"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_701:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7055999C-5B25-4E7D-B7A3-9A140DCA9E93"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_702:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B9F39B4-5F9B-4E1C-94A4-3201A6D6CFFF"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_731:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2FD9175-513A-45CE-B113-6EE1C00ADACE"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_754:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3FA1C87-6B1D-49EC-B2B6-9FA74B41C643"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_755:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5A00719-2E66-4CFE-B10A-7582F83A3724"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_756:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14A2A918-2B9D-442A-80E7-B0268540647D"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_757:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F301FA2-E797-4AAE-B152-FD20AAB815E7"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_758:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06987429-230F-423E-B5A2-5D9347D446EF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References