XSS in Sap Netweaver_enterprise_portal
CVE-2022-26105
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.009 (53.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Sap Netweaver_enterprise_portal — versions 7.10, 7.11, 7.20
- Sap Se Netweaver Enterprise Portal — versions 7.10, 7.11, 7.20
Weakness classification (CWE)
References
- cna@sap.com (x_refsource_MISC, Vendor Advisory)
- cna@sap.com (Permissions Required, x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2022-26105?
- CVE-2022-26105 is a medium-severity vulnerability in Sap Netweaver_enterprise_portal, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2022-04-12.
- How severe is CVE-2022-26105?
- Medium severity. CVSS v3 base score is 6.1 out of 10.