PT-2022-16674 · SAP · SAP Focused Run

Author: Yvan Genuer
Published: 2022-03-08 · Updated: 2022-12-22
CVE: CVE-2022-24399
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SAP Focused Run (Real User Monitoring) versions 200, 300

Description: The issue is a Cross-Site Scripting (XSS) vulnerability. The REST service does not sufficiently sanitize the file name supplied in a multipart/form-data upload, so an untrusted file name reaches the application's output without proper sanitization, which is what makes the XSS possible.

Recommendations: For versions 200 and 300, consider restricting access to the REST service until a proper fix is applied; the fix should sanitize the file name taken from multipart/form-data input so that it cannot be used for Cross-Site Scripting (XSS). As a temporary workaround, disabling the REST service or limiting its functionality can help minimize the risk of exploitation.

Weakness Enumeration: XSS
Related Identifiers: CVE-2022-24399
Affected Products: SAP Focused Run