CVE-2022-26105
Description
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.324
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in SAP NetWeaver Enterprise Portal (OBN component) 7.31 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Enterprise Portal (OBN component) 7.11 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Enterprise Portal (OBN component) 7.20 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Enterprise Portal (OBN component) 7.30 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Enterprise Portal (OBN component) 7.40 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Enterprise Portal (OBN component) 7.50 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Enterprise Portal (OBN component) 7.10 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234