Back to search
CVE-2022-39799
Published: Sep 13, 2022
Modified: Jun 10, 2025
PUBLISHED
Description
An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.
| Vendor | Product | Versions |
|---|---|---|
SAP SE | SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad) | affected KERNEL 7.77affected 7.81affected 7.85affected 7.89affected 7.54 |
Weaknesses (CWE)
References
https://launchpad.support.sap.com/#/notes/3229820
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now