PT-2022-25774 · SAP · SAP NetWeaver AS Java

Published: 2022-12-12 · Updated: 2023-01-10 · CVE-2022-41262

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver AS Java (HTTP Provider Service) version 7.50

Description

The issue is caused by insufficient input validation, allowing an unauthenticated attacker to inject a script into a web request header. Successful exploitation enables an attacker to view or modify information, resulting in a limited impact on the confidentiality and integrity of the application.

Recommendations

For version 7.50, update to a version that includes input validation for the HTTP Provider Service to prevent script injection attacks. As a temporary workaround, consider restricting access to the HTTP Provider Service to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-41262

Affected Products

SAP NetWeaver AS Java