PT-2022-18552 · Sap · Sap Web Dispatcher+1

Published

2022-05-11

Updated

2022-05-19

CVE-2022-27656

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SAP Web Dispatcher and Internet Communication Manager (ICM) (affected versions not specified)

Description The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-27656

Affected Products

Internet Communication Manager

Sap Web Dispatcher

PT-2022-18552 · Sap · Sap Web Dispatcher+1

CVE-2022-27656

Weakness Enumeration

Related Identifiers

Affected Products

References · 5