CVE-2024-22128 - Vulnerability Details

SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Netweaver Business Client For Html

Configuration 1 [-]

OR	cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_700:::::::*
	cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_701:::::::*
	cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_702:::::::*
	cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_731:::::::*
	cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_754:::::::*
	cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_755:::::::*
	cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_756:::::::*
	cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_757:::::::*
	cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_758:::::::*

No data.

References

Link	Providers
https://me.sap.com/notes/3396109
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

History

Wed, 16 Oct 2024 22:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sap Sap netweaver Business Client For Html
CPEs		cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_700:::::::* cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_701:::::::* cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_702:::::::* cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_731:::::::* cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_754:::::::* cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_755:::::::* cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_756:::::::* cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_757:::::::* cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_758:::::::*
Vendors & Products		Sap Sap netweaver Business Client For Html

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2024-02-13T02:02:14.281Z

Updated: 2024-08-01T22:35:34.814Z

Reserved: 2024-01-05T10:21:35.256Z

Link: CVE-2024-22128

Vulnrichment

Updated: 2024-08-01T22:35:34.814Z

NVD

Status : Modified

Published: 2024-02-13T02:15:08.323

Modified: 2024-11-21T08:55:38.297

Link: CVE-2024-22128

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object