6.1
CVE-2024-22128
- EPSS 0.52%
- Published 13.02.2024 02:15:08
- Last modified 21.11.2024 08:55:38
- Source cna@sap.com
SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation.
Data provided by the National Vulnerability Database (NVD)
SAP ≫ Netweaver Business Client For Html ≫ Version sap_basis_700
SAP ≫ Netweaver Business Client For Html ≫ Version sap_basis_701
SAP ≫ Netweaver Business Client For Html ≫ Version sap_basis_702
SAP ≫ Netweaver Business Client For Html ≫ Version sap_basis_731
SAP ≫ Netweaver Business Client For Html ≫ Version sap_ui_754
SAP ≫ Netweaver Business Client For Html ≫ Version sap_ui_755
SAP ≫ Netweaver Business Client For Html ≫ Version sap_ui_756
SAP ≫ Netweaver Business Client For Html ≫ Version sap_ui_757
SAP ≫ Netweaver Business Client For Html ≫ Version sap_ui_758
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.52% | 0.659 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
cna@sap.com | 4.7 | 1.6 | 2.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.