CVE-2022-26105 Information

Jun 07, 2022 cve

Description

SAP NetWeaver Enterprise Portal - versions 7.10 7.11 7.20 7.30 7.31 7.40 7.50 is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://launchpad.support.sap.com/#/notes/3163583 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1

Share on: