PT-2024-7175 · SAP · SAP NetWeaver Enterprise Portal

Published: 2024-10-07 · Updated: 2024-11-14 · CVE-2024-47594

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver Enterprise Portal (KMC) version 7.5

Description

The issue is caused by insufficient encoding of user-controlled inputs, which results in a Cross-Site Scripting problem in the KMC servlet. This could allow an attacker to craft a malicious script and trick a user into clicking it, potentially compromising the confidentiality and integrity of the user's web browser session. An attacker could conduct remote cross-site scripting attacks by exploiting this issue.

Recommendations

For SAP NetWeaver Enterprise Portal (KMC) version 7.5, patch immediately to mitigate the risks associated with the Cross-Site Scripting vulnerability in the KMC servlet. As a temporary workaround, consider restricting access to the KMC servlet until a patch is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-08514
CVE-2024-47594

Affected Products

SAP NetWeaver Enterprise Portal