CVE-2022-24395

Description

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

Affected products

• SAP_SE / SAP NetWeaver Enterprise Portal< 7.10 – < 7.10
• SAP_SE / SAP NetWeaver Enterprise Portal< 7.11 – < 7.11
• SAP_SE / SAP NetWeaver Enterprise Portal< 7.20 – < 7.20
• SAP_SE / SAP NetWeaver Enterprise Portal< 7.30 – < 7.30
• SAP_SE / SAP NetWeaver Enterprise Portal< 7.31 – < 7.31
• SAP_SE / SAP NetWeaver Enterprise Portal< 7.40 – < 7.40
• SAP_SE / SAP NetWeaver Enterprise Portal< 7.50 – < 7.50

References

• MISChttps://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10
• MISChttps://launchpad.support.sap.com/#/notes/3146261