CVE-2022-35225

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal versions 7.10 through 7.50

Description The issue is related to insufficient encoding of user-controlled inputs over the network, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by a remote attacker to conduct cross-site scripting attacks, which may lead to limited impact on confidentiality and integrity of data.

Recommendations For SAP NetWeaver Enterprise Portal versions 7.10 through 7.50, consider implementing proper input validation and encoding to prevent reflected XSS attacks. As a temporary workaround, restrict access to sensitive data and functions to minimize the risk of exploitation. Ensure that all user-controlled inputs are thoroughly validated and sanitized before being processed by the application.