CVE-2022-39799
PUBLISHED
CVSS 6.1 MEDIUM
An attacker with no prior authentication could craft and send a malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in a reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.
EPSS 0.46% · 64.7th percentile
Risk Scores
CVSS 3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.46%
64.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP SE | SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad) | 7.54, KERNEL 7.77, 7.81 |
| sap | netweaver_application_server_abap | 7.81, 7.85, * |
Exploit Intelligence
Timeline
- Sep 13, 2022 CVE Published
- Sep 14, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 13, 2022 EPSS Score
- Jan 27, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 13, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jun 11, 2023 EPSS Score
- Jul 26, 2023 EPSS Score
- Sep 9, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
References
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html url
- https://launchpad.support.sap.com/#/notes/3229820 url
- https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=1&todaysdate=2022-09-14 advisory
- https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-39799 advisory