CVE-2022-35224

Name of the Vulnerable Software and Affected Versions SAP Enterprise Portal versions 7.10 through 7.50

Description The issue is related to the lack of protection for the web page structure, allowing a remote attacker to view, add, modify, or delete data. This is due to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. The attack can be used to non-permanently deface or modify portal content, and the execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of the victim's web browser session.

Recommendations For SAP Enterprise Portal versions 7.10 through 7.50, consider disabling the execution of user-controlled script content as a temporary workaround until a patch is available. Restrict access to user-controlled inputs to minimize the risk of exploitation. Avoid using the portal with user-controlled inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.