CVE-2022-22534
Summary
| CVE | CVE-2022-22534 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-09 23:15:00 UTC |
| Updated | 2022-10-27 01:10:00 UTC |
| Description | Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | SAP | NetWeaver | 700 | All | All | All |
| Application | SAP | NetWeaver | 701 | All | All | All |
| Application | SAP | NetWeaver | 702 | All | All | All |
| Application | SAP | NetWeaver | 731 | All | All | All |
| Application | SAP | NetWeaver | 740 | All | All | All |
| Application | SAP | NetWeaver | 750 | All | All | All |
| Application | SAP | NetWeaver | 751 | All | All | All |
| Application | SAP | NetWeaver | 752 | All | All | All |
| Application | SAP | NetWeaver | 753 | All | All | All |
| Application | SAP | NetWeaver | 754 | All | All | All |
| Application | SAP | NetWeaver | 755 | All | All | All |
| Application | SAP | NetWeaver | 756 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| launchpad.support.sap.com | MISC | launchpad.support.sap.com | |
| SAP Security Patch Day - February 2022 - Product Security Response at SAP - Community Wiki | MISC | wiki.scn.sap.com | |
| Access Denied | MISC | www.sap.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 87485 SAP NetWeaver ABAP Cross-Site Scripting (XSS) Vulnerability (3124994)