Vulnerabilities related to SAP SE - SAP NetWeaver (ABAP and Java application Servers)
cve-2022-22534
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
EPSS score ?
Summary
Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application. The CVE record lists the problem type as Cross-Site Scripting and does not provide a CVSS base score or vector.
References
▼ | URL | Tags |
---|---|---|
https://launchpad.support.sap.com/#/notes/3124994 | x_refsource_MISC | |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | SAP SE | SAP NetWeaver (ABAP and Java application Servers) |
Version: 700 Version: 701 Version: 702 Version: 731 Version: 740 Version: 750 Version: 751 Version: 752 Version: 753 Version: 754 Version: 755 Version: 756 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:14:55.475Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://launchpad.support.sap.com/#/notes/3124994", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SAP NetWeaver (ABAP and Java application Servers)", vendor: "SAP SE", versions: [ { status: "affected", version: "700", }, { status: "affected", version: "701", }, { status: "affected", version: "702", }, { status: "affected", version: "731", }, { status: "affected", version: "740", }, { status: "affected", version: "750", }, { status: "affected", version: "751", }, { status: "affected", version: "752", }, { status: "affected", version: "753", }, { status: "affected", version: "754", }, { status: "affected", version: "755", }, { status: "affected", version: "756", }, ], }, ], descriptions: [ { lang: "en", value: "Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. 
These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-24T15:18:07", orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", shortName: "sap", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://launchpad.support.sap.com/#/notes/3124994", }, { tags: [ "x_refsource_MISC", ], url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cna@sap.com", ID: "CVE-2022-22534", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SAP NetWeaver (ABAP and Java application Servers)", version: { version_data: [ { version_affected: "=", version_value: "700", }, { version_affected: "=", version_value: "701", }, { version_affected: "=", version_value: "702", }, { version_affected: "=", version_value: "731", }, { version_affected: "=", version_value: "740", }, { version_affected: "=", version_value: "750", }, { version_affected: "=", version_value: "751", }, { version_affected: "=", version_value: "752", }, { version_affected: "=", version_value: "753", }, { version_affected: "=", version_value: "754", }, { version_affected: "=", version_value: "755", }, { version_affected: "=", version_value: "756", }, ], }, }, ], }, vendor_name: "SAP SE", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. 
These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.", }, ], }, impact: { cvss: { baseScore: "null", vectorString: "null", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://launchpad.support.sap.com/#/notes/3124994", refsource: "MISC", url: "https://launchpad.support.sap.com/#/notes/3124994", }, { name: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", refsource: "MISC", url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", assignerShortName: "sap", cveId: "CVE-2022-22534", datePublished: "2022-02-09T22:05:21", dateReserved: "2022-01-04T00:00:00", dateUpdated: "2024-08-03T03:14:55.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }