PT-2024-4513 · SAP · SAP NetWeaver AS Java
Published: 2024-02-12 · Updated: 2025-02-11 · CVE-2024-22126
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java version 7.50
Description: The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes incoming URL parameters before including them in the redirect URL. This results in a Cross-Site Scripting (XSS) vulnerability with a high impact on confidentiality and a mild impact on integrity and availability. The vulnerability may allow a remote attacker to conduct an XSS attack.
Recommendations: For SAP NetWeaver AS for Java version 7.50, consider disabling the User Admin application or restricting access to it until a patch is available. As a temporary workaround, avoid using the vulnerable URL parameters in the redirect URL. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
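The flaw described above is a redirect built from unvalidated, unencoded request parameters. The following is an added illustration, not code from SAP or from the User Admin application: a hypothetical redirect builder that only accepts a relative path under an assumed application prefix, rejects scheme-bearing, protocol-relative and control-character targets, discards any query string supplied by the caller, and re-attaches only the intended parameters in percent-encoded form.

```python
from urllib.parse import urlsplit, urlencode

# Assumed application path prefix and fallback page (hypothetical values,
# not taken from SAP NetWeaver).
ALLOWED_PATH_PREFIX = "/useradmin/"
FALLBACK_TARGET = "/useradmin/index.jsp"


def is_safe_local_path(target: str) -> bool:
    """Accept only a relative path inside the application.

    Rejects absolute URLs (any scheme or host), protocol-relative targets
    ("//host"), and values containing control characters or characters that
    could break out of an HTML attribute or a response header.
    """
    if not target or not target.startswith("/") or target.startswith("//"):
        return False
    if any(ord(c) < 0x20 or c in "\\<>\"'" for c in target):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    return parts.path.startswith(ALLOWED_PATH_PREFIX)


def build_redirect(target: str, params: dict) -> str:
    """Compose the redirect location from a validated path and encoded params.

    The caller-supplied query string is dropped on purpose; only the
    parameters this handler chooses to forward are appended, and urlencode()
    percent-encodes every key and value so nothing is reflected raw.
    """
    if not is_safe_local_path(target):
        target = FALLBACK_TARGET
    path = urlsplit(target).path
    query = urlencode(params)
    return path + ("?" + query if query else "")


if __name__ == "__main__":
    # Constructed inputs: a benign redirect and two that must not pass through.
    print(build_redirect("/useradmin/list.jsp", {"user": "jdoe"}))
    print(build_redirect("//attacker.invalid/x", {"user": "jdoe"}))
    print(build_redirect("/useradmin/list.jsp", {"user": "<script>alert(1)</script>"}))
```

The last call shows the defensive property the advisory asks for: the markup is still delivered to the target page, but as `%3Cscript%3E...`, never as raw characters in the redirect.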

XSS

Weakness Enumeration

Related Identifiers: BDU:2024-05017, CVE-2024-22126

Affected Products: SAP NetWeaver AS Java