VDB

CVE-2022-35227

CVE-2022-35227 PUBLISHED CVSS 6.099999904632568 MEDIUM

A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session.

EPSS 0.30% · 53.8th percentile

Risk Scores

CVSS v3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.30%
53.8th percentile

Affected Products

VendorProductVersions
sapnetweaver_enterprise_portal7.30, 7.40, 7.50
SAP SESAP NetWeaver Enterprise Portal (WPC)7.30, 7.40, 7.50

Exploit Intelligence

Timeline

  • Jul 12, 2022 CVE Published
  • Jul 13, 2022 EPSS Score
  • Aug 30, 2022 EPSS Score
  • Oct 16, 2022 EPSS Score
  • Dec 2, 2022 EPSS Score
  • Jan 18, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 23, 2023 EPSS Score
  • Jun 9, 2023 EPSS Score
  • Jul 26, 2023 EPSS Score
  • Sep 11, 2023 EPSS Score
  • Oct 28, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›