THREATINT
PUBLISHED

CVE-2024-22126

Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application)



Description

The User Admin application of SAP NetWeaver AS for Java, version 7.50, insufficiently validates and improperly encodes incoming URL parameters before including them in the redirect URL. This results in a Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.

Reserved 2024-01-05 | Published 2024-02-13 | Updated 2025-02-11 | Assigner sap


MEDIUM: 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status: unaffected

7.50: affected

References

me.sap.com/notes/3417627

www.sap.com/.../02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

me.sap.com/notes/3557138

cve.org (CVE-2024-22126)

nvd.nist.gov (CVE-2024-22126)
