PT-2022-15498 · SAP · SAP UI5 +1

Published: 2022-01-14 · Updated: 2026-02-24 · CVE-2022-22529

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SAP Enterprise Threat Detection (ETD) version 2.0

Description

The issue arises from insufficient encoding of user-controlled inputs, which could allow an unauthorized attacker to exploit a cross-site scripting (XSS) vulnerability. However, the UIs in ETD use SAP UI5 standard controls, which provide automated output encoding. This encoding prevents stored malicious user input from being executed when it is reflected in the UI.

Recommendations

For SAP Enterprise Threat Detection (ETD) version 2.0, consider implementing additional encoding measures for user-controlled inputs to prevent potential XSS exploitation. As a temporary workaround, ensure that the automated output encoding provided by the SAP UI5 framework is properly configured and used, to minimize the risk of stored malicious user input being executed.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-22529

Affected Products

SAP Enterprise Threat Detection
SAP UI5