CVE-2022-26105
Last modified
CVE-2022-26105 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.. EPSS estimates a 0.83% chance of exploitation in the next 30 days.
Description
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Enterprise Portal | 7.10 |
| Sap | Netweaver Enterprise Portal | 7.11 |
| Sap | Netweaver Enterprise Portal | 7.20 |
| Sap | Netweaver Enterprise Portal | 7.30 |
| Sap | Netweaver Enterprise Portal | 7.31 |
| Sap | Netweaver Enterprise Portal | 7.40 |
| Sap | Netweaver Enterprise Portal | 7.50 |
References
- https://launchpad.support.sap.com/#/notes/3163583Permissions Required, Vendor Advisory
- https://launchpad.support.sap.com/#/notes/3163583Permissions Required, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-26105?
How severe is CVE-2022-26105?
How do I fix CVE-2022-26105?
Are you affected by CVE-2022-26105?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST