CVE-2022-32247

2022-07-1220:27:32

CWE-79

sap

www.cve.org

sap

netweaver

enterprise portal

script execution

unauthenticated

improper sanitization

network

exploitation

view

modify

information

confidentiality

integrity

EPSS

0.001

Percentile

35.9%

JSON

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

CNA Affected

[
  {
    "product": "SAP NetWeaver Enterprise Portal",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.10"
      },
      {
        "status": "affected",
        "version": "7.11"
      },
      {
        "status": "affected",
        "version": "7.20"
      },
      {
        "status": "affected",
        "version": "7.30"
      },
      {
        "status": "affected",
        "version": "7.31"
      },
      {
        "status": "affected",
        "version": "7.40"
      },
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]