CVE-2022-22534
 
- Severity Score: 6.1 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.
Credits: N/A
Timeline
- 2022-01-04 CVE Reserved
- 2022-02-09 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-25 EPSS Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (1)
URL | Date | SRC |
---|---|---|
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2022-10-27 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sap | Netweaver | 700 | - | Affected |
Sap | Netweaver | 701 | - | Affected |
Sap | Netweaver | 702 | - | Affected |
Sap | Netweaver | 731 | - | Affected |
Sap | Netweaver | 740 | - | Affected |
Sap | Netweaver | 750 | - | Affected |
Sap | Netweaver | 751 | - | Affected |
Sap | Netweaver | 752 | - | Affected |
Sap | Netweaver | 753 | - | Affected |
Sap | Netweaver | 754 | - | Affected |
Sap | Netweaver | 755 | - | Affected |
Sap | Netweaver | 756 | - | Affected |