CVE-2022-24397

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal versions 7.30, 7.31, 7.40, 7.50

Description The issue arises from insufficient encoding of user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited to non-permanently deface or modify the displayed content of the portal website. If a victim registered on the portal executes the script content, it could compromise the confidentiality and integrity of the victim's web browser.

Recommendations For versions 7.30, 7.31, 7.40, 7.50, consider disabling the execution of user-controlled inputs until a patch is available to prevent the exploitation of the reflected Cross-Site Scripting vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.