PT-2024-3872 · SAP · SAP Companion

Published: 2024-02-12 · Updated: 2024-10-16 · CVE-2024-22129

CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SAP Companion, versions prior to 3.1.38
Description: SAP Companion reflects the value of a URL parameter into the page structure without adequate output encoding, which allows a cross-site scripting (XSS) attack. An attacker who already holds low privileges (PR:L) sends a crafted link to a user; when the user opens it (UI:R), the injected script runs in the victim's browser in the context of the application (scope changed, S:C). The attacker can then retrieve sensitive information available to the victim (high confidentiality impact) and cause a minor impact on the integrity of the web application; availability is not affected.
Recommendations: For versions prior to 3.1.38, update to version 3.1.38 or later, which resolves the issue. As a temporary workaround, restrict access to the affected URL parameter to reduce the chance of exploitation, and avoid exposing it in user-accessible areas until the update is applied. Note that the workaround only limits exposure; the missing output encoding is removed only by the fixed version.
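As an added illustration of the weakness class described above (this is example code, not SAP Companion's code, and the parameter name `msg`, the example URL and the page markup are assumptions for illustration only), the following JavaScript shows a URL parameter reflected into HTML without encoding, the hardened form with contextual HTML encoding, and a simple check a tester can run against a captured response to see whether a probe value is reflected unencoded:

```javascript
// Added example (not SAP Companion code): a reflected-XSS pattern in which a
// URL query parameter is written into the page, shown beside a hardened form.
// The parameter name "msg", the URL and the markup are assumptions for
// illustration, not details taken from the advisory.

// Vulnerable: the raw parameter value is concatenated into HTML markup, so a
// value such as  <img src=x onerror=alert(1)>  becomes live markup in the
// victim's browser.
function renderUnsafe(msg) {
  return '<div class="banner">' + msg + '</div>';
}

// Hardened: encode the HTML-significant characters before the value is placed
// in element content. In production use the encoding your template engine or
// framework provides; this shows the minimum encoding for element text.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderSafe(msg) {
  return '<div class="banner">' + escapeHtml(msg) + '</div>';
}

// Read a named query parameter from a full URL with the WHATWG URL API
// (available in browsers and Node). Returns '' when the parameter is absent.
function getParam(url, name) {
  return new URL(url).searchParams.get(name) ?? '';
}

// A crude reflection check for a captured response body: does the supplied
// probe value survive verbatim, angle brackets intact? If so, the page is
// not encoding the parameter for the HTML context it lands in.
function reflectsUnencoded(responseBody, probe) {
  return responseBody.includes(probe);
}

// Constructed sample link carrying a harmless probe payload (not an exploit
// for this advisory; any tag with an event handler serves to test reflection).
const probeLink = 'https://app.example.test/help?msg=' +
  encodeURIComponent('<img src=x onerror=alert(1)>');
const probe = getParam(probeLink, 'msg');

console.log('unsafe:', renderUnsafe(probe), 'reflected:', reflectsUnencoded(renderUnsafe(probe), probe));
console.log('safe:  ', renderSafe(probe), 'reflected:', reflectsUnencoded(renderSafe(probe), probe));
```

The check only detects reflection into element text; a parameter that lands inside an attribute value, a script block or a URL needs the encoding appropriate to that context, which is why the fixed version, not a workaround, is the recommended remediation.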

Tags: Fix, XSS

Weakness Enumeration: CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting"), the weakness class named in the description

Related Identifiers: BDU:2024-04274, CVE-2024-22129

Affected Products: SAP Companion (versions prior to 3.1.38)