CVE-2022-35170

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal versions 7.10 through 7.50

Description The issue is related to insufficient encoding of user-controlled inputs over the network, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by a remote attacker to conduct cross-site scripting attacks, potentially leading to limited impact on confidentiality and integrity of data.

Recommendations For SAP NetWeaver Enterprise Portal versions 7.10 through 7.50, consider implementing proper input encoding to prevent reflected Cross-Site Scripting (XSS) attacks. As a temporary workaround, restrict access to sensitive data and functions to minimize the risk of exploitation. Ensure that all user-controlled inputs are properly validated and sanitized to prevent malicious code injection.