CVE-2022-24397

Description

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victims web browser.

Risk Information

Base Score

6.1

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.521

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are affected in SAP NetWeaver Enterprise Portal (OBN component) 7.31	Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Enterprise Portal (OBN component) 7.30	Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Enterprise Portal (OBN component) 7.40	Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Enterprise Portal (OBN component) 7.50	Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234