What the vulnerability does

01Description

An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.

Key dates

02Disclosure timeline

September 13, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE