CVE-2022-29618

CVE-2022-29618

Vendor Sap Se

Product SAP NetWeaver Development Infrastructure (Design Time Repository)

Weakness CWE-79 · XSS

Published June 14, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Key dates

02Disclosure timeline

June 14, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-29618 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2022-29618

CWE CWE-79

Affected versions

Vendor Sap Se

Product SAP NetWeaver Development Infrastructure (Design Time Repository)

Affected 7.30

Vendor Sap Se

Product SAP NetWeaver Development Infrastructure (Design Time Repository)

Affected 7.31

Vendor Sap Se

Product SAP NetWeaver Development Infrastructure (Design Time Repository)

Affected 7.40

Vendor Sap Se

Product SAP NetWeaver Development Infrastructure (Design Time Repository)

Affected 7.50

01Description

02Disclosure timeline

03References

04Related CVE