CVE-2022-26105

{"id": "CVE-2022-26105", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-04-12T17:15:09.567", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3163583", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application."}, {"lang": "es", "value": "SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, es susceptible de sufrir un ataque de ejecuci\u00f3n de scripts por parte de un atacante no autenticado debido a la incorrecta sanitizaci\u00f3n de las entradas del usuario mientras interact\u00faa en la Red. Si es explotado con \u00e9xito, un atacante puede visualizar o modificar la informaci\u00f3n causando un impacto limitado en la confidencialidad e integridad de la aplicaci\u00f3n"}], "lastModified": "2022-04-19T19:09:07.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40BA6B1C-F11D-49DF-A3DE-92D1442BC09F"}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16A4B1E5-FD7B-4D7F-9791-E865FC8ED476"}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCCA369A-EA1B-4312-8727-82BA1192D8A2"}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64F0B5E2-054F-41CC-9296-38E3E5DFC77B"}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E666D8FD-1F21-4E97-80BB-D560AB125DB5"}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D61E5F0-5F16-489D-BB7D-2C630637DCAC"}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D91F9D76-39D6-4D5E-BFAE-892CB8C30A79"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}