CVE-2022-29618

{"id": "CVE-2022-29618", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-06-14T19:15:07.550", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3197927", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user\u2019s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application."}, {"lang": "es", "value": "Debido a una insuficiente comprobaci\u00f3n de entrada, SAP NetWeaver Development Infrastructure (Design Time Repository) - versiones 7.30, 7.31, 7.40, 7.50, permite a un atacante no autenticado inyectar un script en la URL y ejecutar c\u00f3digo en el navegador del usuario. Si se explota con \u00e9xito, un atacante puede ver o modificar informaci\u00f3n causando un impacto limitado en la confidencialidad e integridad de la aplicaci\u00f3n"}], "lastModified": "2022-06-24T16:50:39.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_development_infrastructure:7.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6461DE2-4828-4A7C-B8B0-DC3E4AD2EEA9"}, {"criteria": "cpe:2.3:a:sap:netweaver_development_infrastructure:7.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFA0B55C-B687-4E13-ADC9-5F1A2059DA6F"}, {"criteria": "cpe:2.3:a:sap:netweaver_development_infrastructure:7.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ACDCB10-87D1-46F1-B244-E4930B53BC92"}, {"criteria": "cpe:2.3:a:sap:netweaver_development_infrastructure:7.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88555DEC-8AEC-45EE-80BF-C1CE58DE3374"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}