The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.
Metrics
Affected Vendors & Products
References
History
Thu, 10 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Sap
Sap netweaver Application Server Java |
|
CPEs | cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:* | |
Vendors & Products |
Sap
Sap netweaver Application Server Java |
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2024-02-13T01:58:27.745Z
Updated: 2024-08-01T22:35:34.804Z
Reserved: 2024-01-05T10:21:35.256Z
Link: CVE-2024-22126
Vulnrichment
Updated: 2024-08-01T22:35:34.804Z
NVD
Status : Modified
Published: 2024-02-13T02:15:08.107
Modified: 2024-11-21T08:55:38.007
Link: CVE-2024-22126
Redhat
No data.