Back to search
CVE-2022-27656
Published: May 11, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
| Vendor | Product | Versions |
|---|---|---|
SAP SE | SAP NetWeaver AS for ABAP and Java (ICM Administration UI) | affected KRNL64NUC 7.22affected 7.22EXTaffected 7.49affected KRNL64 8.04affected 7.22+8 more versions |
SAP SE | SAP Web Dispatcher (Web Administration UI) | affected 7.49affected 7.53affected 7.77affected 7.81affected 7.85+1 more versions |
Weaknesses (CWE)
References
https://launchpad.support.sap.com/#/notes/3145046
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now