PT-2022-22697 · Sap · Sap Netweaver Enterprise Portal
Published: 2022-09-13 · Updated: 2022-10-01 · CVE-2022-35298
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Enterprise Portal (KMC) version 7.50
Description
SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled input before writing it into HTTP responses, resulting in a Cross-Site Scripting (XSS) vulnerability in the KMC servlet. An attacker who gets a registered portal user to open a crafted request (user interaction is required, UI:R in the vector) can have script content executed in that user's browser, compromising the confidentiality and integrity of the victim's portal session; availability is not affected.
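The following is an added example, not code from the page or from SAP: it reproduces the bug class described above in a minimal form and shows the output-encoding fix. The servlet path and the parameter name in the crafted link are assumptions for illustration, and the payloads are constructed; nothing here reflects the real KMC servlet interface. The response is fed through an HTML tokenizer so that "the browser would create a script tag or event handler" is checked rather than eyeballed.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed attacker link. The /irj/servlet/kmc path and the "q" parameter
# are assumed for illustration only; they are not the real KMC interface.
CRAFTED_URL = (
    "https://portal.example/irj/servlet/kmc"
    "?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E"
)

# Constructed payloads: one for an HTML text-node context, one that breaks out
# of a quoted attribute value without using < or > at all.
PAYLOAD_TEXT = "<script>alert(document.cookie)</script>"
PAYLOAD_ATTR = '" autofocus onfocus="alert(document.cookie)'


def reflected_param(url, name="q"):
    """Extract the query parameter a reflected-XSS servlet would echo back."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(user_input):
    # Writes the parameter into the page body verbatim: the bug class the
    # advisory describes (insufficient encoding of user-controlled input).
    return f"<html><body><h1>Results for: {user_input}</h1></body></html>"


def render_fixed(user_input):
    # Contextual output encoding for an HTML text node.
    return f"<html><body><h1>Results for: {html.escape(user_input, quote=True)}</h1></body></html>"


def render_attr_vulnerable(user_input):
    # A common incomplete fix: encoding only < and > is not enough inside an
    # attribute value, because a double quote alone closes the attribute.
    partial = user_input.replace("<", "&lt;").replace(">", "&gt;")
    return f'<input type="text" value="{partial}">'


def render_attr_fixed(user_input):
    # quote=True also encodes " and ', which keeps the value inside the attribute.
    return f'<input type="text" value="{html.escape(user_input, quote=True)}">'


class ResponseInspector(HTMLParser):
    """Tokenizes a rendered response the way a browser would and records any
    <script> start tag or on* event-handler attribute that was created."""

    def __init__(self):
        super().__init__()
        self.script_tags = 0
        self.event_handlers = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1
        for name, _ in attrs:
            if name.startswith("on"):
                self.event_handlers.append(f"{tag}.{name}")


def executes_script(page):
    """True if the response contains an active script tag or event handler."""
    insp = ResponseInspector()
    insp.feed(page)
    insp.close()
    return insp.script_tags > 0 or bool(insp.event_handlers)


if __name__ == "__main__":
    echoed = reflected_param(CRAFTED_URL)
    for label, page in [
        ("text/vulnerable", render_vulnerable(echoed)),
        ("text/fixed", render_fixed(echoed)),
        ("attr/vulnerable", render_attr_vulnerable(PAYLOAD_ATTR)),
        ("attr/fixed", render_attr_fixed(PAYLOAD_ATTR)),
    ]:
        print(f"{label:16} executes script: {executes_script(page)}")
```

The attribute case is the one worth remembering when reviewing a vendor fix: a patch that strips or encodes only angle brackets leaves the quoted-attribute context exploitable, so the check has to be tied to where the value lands in the response, not to the input alone.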
Recommendations
For SAP NetWeaver Enterprise Portal (KMC) version 7.50, apply the SAP security correction for CVE-2022-35298. Where the correction cannot be applied immediately, restrict access to the KMC servlet (for example, at the reverse proxy or web dispatcher) to the users and networks that need it, or disable the servlet if it is not in use; this limits who can be targeted but does not remove the vulnerability.
Weakness Enumeration
Cross-Site Scripting (XSS)
Affected Products
Sap Netweaver Enterprise Portal