CVE-2024-22128
Published Feb 13, 2024
Last updated a month ago
Overview
- Description
- SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731 - does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious JavaScript to cause limited impact to confidentiality and integrity of the application data after successful exploitation.
- Source
- cna@sap.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- cna@sap.com
- CWE-79
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78C94A50-17DD-4206-9861-E4406C7CFEDB" },
          { "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_701:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7055999C-5B25-4E7D-B7A3-9A140DCA9E93" },
          { "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B9F39B4-5F9B-4E1C-94A4-3201A6D6CFFF" },
          { "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2FD9175-513A-45CE-B113-6EE1C00ADACE" },
          { "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_754:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3FA1C87-6B1D-49EC-B2B6-9FA74B41C643" },
          { "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_755:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5A00719-2E66-4CFE-B10A-7582F83A3724" },
          { "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_756:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14A2A918-2B9D-442A-80E7-B0268540647D" },
          { "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_757:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F301FA2-E797-4AAE-B152-FD20AAB815E7" },
          { "criteria": "cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_758:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06987429-230F-423E-B5A2-5D9347D446EF" }
        ],
        "operator": "OR"
      }
    ]
  }
]