Lucene search

SapCVE-2022-41262

HistoryDec 12, 2022 - 10:15 p.m.

CVE-2022-41262

2022-12-1222:15:10

CWE-79

sap

web.nvd.nist.gov

sap

netweaver

as java

http provider service

cve-2022-41262

input validation

web request header

unauthenticated attacker

information security

exploitation

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality and integrity of the application.

Affected configurations

Nvd

Node

sapnetweaver_application_server_javaMatch7.50

VendorProductVersionCPE
sapnetweaver_application_server_java7.50cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver_application_server_java	7.50	cpe:2.3:a:sap:netweaver_application_server_java:7.50:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NetWeaver AS for Java (Http Provider Service)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3262544

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Related for CVE-2022-41262