CVE-2022-35227

{"id": "CVE-2022-35227", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-07-12T21:15:11.087", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3211760", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session."}, {"lang": "es", "value": "Una vulnerabilidad en SAP NW EP (WPC) - versiones 7.30, 7.31, 7.40, 7.50, que no comprueba suficientemente la entrada controlada por el usuario, permite a un atacante remoto conducir un ataque de tipo Cross-Site scripting (XSS). Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario que podr\u00eda conllevar a el robo o la modificaci\u00f3n de la informaci\u00f3n de autenticaci\u00f3n del usuario, como los datos relativos a su sesi\u00f3n actual"}], "lastModified": "2022-07-20T18:14:24.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64F0B5E2-054F-41CC-9296-38E3E5DFC77B"}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E666D8FD-1F21-4E97-80BB-D560AB125DB5"}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D61E5F0-5F16-489D-BB7D-2C630637DCAC"}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D91F9D76-39D6-4D5E-BFAE-892CB8C30A79"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}