Details of VAR-202202-0556

ID

VAR-202202-0556

CVE

CVE-2022-22534

TITLE

SAP NetWeaver Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005424

DESCRIPTION

Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application. SAP NetWeaver Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

Trust: 1.71

sources: NVD: CVE-2022-22534 // JVNDB: JVNDB-2022-005424 // VULMON: CVE-2022-22534

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	700	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	702	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	753	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	755	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	751	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	701	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	752	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	754	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	740	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	731	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	756	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	750	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	-	version:	-	Trust: 0.8
vendor:	sap	model:	netweaver	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-005424 // NVD: CVE-2022-22534

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22534
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-22534
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-565
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2022-22534
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-22534
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2022-22534
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22534
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2022-22534 // JVNDB: JVNDB-2022-005424 // CNNVD: CNNVD-202202-565 // NVD: CVE-2022-22534

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-005424 // NVD: CVE-2022-22534

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-565

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202202-565

PATCH

title:	SAP Security Patch Day - May 2023	url:	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Trust: 0.8
title:	SAP Netweaver Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182435	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-22534	Trust: 0.1

sources: VULMON: CVE-2022-22534 // JVNDB: JVNDB-2022-005424 // CNNVD: CNNVD-202202-565

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22534	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-005424	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-565	Trust: 0.6
db:	VULMON	id:	CVE-2022-22534	Trust: 0.1

sources: VULMON: CVE-2022-22534 // JVNDB: JVNDB-2022-005424 // CNNVD: CNNVD-202202-565 // NVD: CVE-2022-22534

REFERENCES

url:	https://launchpad.support.sap.com/#/notes/3124994	Trust: 1.7
url:	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22534	Trust: 0.8
url:	https://wiki.scn.sap.com/wiki/display/psr/sap+security+patch+day+-+february+2022	Trust: 0.6
url:	https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-de-decembre-2021-37478	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2022-22534	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-22534 // JVNDB: JVNDB-2022-005424 // CNNVD: CNNVD-202202-565 // NVD: CVE-2022-22534

SOURCES

db:	VULMON	id:	CVE-2022-22534
db:	JVNDB	id:	JVNDB-2022-005424
db:	CNNVD	id:	CNNVD-202202-565
db:	NVD	id:	CVE-2022-22534

LAST UPDATE DATE

2024-11-23T22:24:59.709000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-22534	date:	2022-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-005424	date:	2023-05-30T08:47:00
db:	CNNVD	id:	CNNVD-202202-565	date:	2022-08-25T00:00:00
db:	NVD	id:	CVE-2022-22534	date:	2024-11-21T06:46:58.527

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-22534	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005424	date:	2023-05-30T00:00:00
db:	CNNVD	id:	CNNVD-202202-565	date:	2022-02-08T00:00:00
db:	NVD	id:	CVE-2022-22534	date:	2022-02-09T23:15:18.533