2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2022-39799" ,
"sourceIdentifier" : "cna@sap.com" ,
"published" : "2022-09-13T16:15:09.110" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T07:18:16.317" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user."
} ,
{
"lang" : "es" ,
"value" : "Un atacante sin autenticaci\u00f3n previa podr\u00eda dise\u00f1ar y enviar un script malicioso a la Interfaz Gr\u00e1fica de Usuario de SAP para HTML dentro de Fiori Launchpad, resultando en un ataque de tipo cross-site scripting. Esto podr\u00eda conllevar a un robo de informaci\u00f3n de sesi\u00f3n y una suplantaci\u00f3n del usuario afectado"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 6.1 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 2.7
}
]
} ,
"weaknesses" : [
{
"source" : "cna@sap.com" ,
2024-12-15 03:03:56 +00:00
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:7.54:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "92EBF7BA-BB05-4946-9CA8-E170AB80ECA3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "252DCEF2-8DDF-467F-8869-B69A0A3426F8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:7.85:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9BC578BE-2308-491E-9D56-6B45AFF0FCFA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:7.89:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4C5C5010-9631-4C70-AD90-A0D16B03BFA5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "208F59B2-7D79-4E0E-97DA-AEB9976C8EEA"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://launchpad.support.sap.com/#/notes/3229820" ,
"source" : "cna@sap.com" ,
"tags" : [
"Permissions Required" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" ,
"source" : "cna@sap.com" ,
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://launchpad.support.sap.com/#/notes/3229820" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Permissions Required" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
