CVE-2024-44120 Information

Description

SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out then the attacker could read and manipulate user content in the browser.

Reference

https://me.sap.com/notes/3498221 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday