PT-2022-4935 · Sap · Sap Nw Ep

Published 2022-07-05 · Updated 2022-07-20 · CVE-2022-35227

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SAP NW EP (WPC) versions 7.30 through 7.50

Description

SAP NW EP (WPC) does not sufficiently validate user-controlled input, allowing a remote attacker to conduct a Cross-Site Scripting (XSS) attack. This could lead to the execution of arbitrary script code, potentially resulting in the theft or modification of authentication information, such as data related to the user's current session.

Recommendations

For versions 7.30 through 7.50, update to a version that includes the fix for this issue to prevent Cross-Site Scripting attacks. As a temporary workaround, consider implementing additional input validation measures to restrict the execution of arbitrary script code until a patch is available. Restrict access to sensitive user data to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-06116
CVE-2022-35227

Affected Products

Sap Nw Ep