PT-2022-4081 · SAP · SAP NetWeaver Enterprise Portal

Published: 2022-07-04 · Updated: 2022-07-19 · CVE-2022-35172

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Enterprise Portal versions 7.10 through 7.50

Description: The issue is related to the failure to protect the web page structure, allowing a remote attacker to conduct cross-site scripting attacks. The vulnerability is caused by insufficient encoding of user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) attacks.

Recommendations: For SAP NetWeaver Enterprise Portal versions 7.10 through 7.50, ensure that user-controlled inputs are properly encoded to prevent reflected Cross-Site Scripting (XSS) attacks. As a temporary workaround, consider restricting access to vulnerable components until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-04915
CVE-2022-35172

Affected Products

SAP NetWeaver Enterprise Portal