CVE-2022-35298

CVE-2022-35298

Vendor Sap Se
Product SAP NetWeaver Enterprise Portal (KMC)
Weakness CWE-79 · XSS
Published September 13, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session.

Key dates

02Disclosure timeline

September 13, 2022 CVE published
August 3, 2024 Record updated