CVE-2022-39799

CVE-2022-39799

Vendor Sap Se

Product SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)

Weakness CWE-79 · XSS

Published September 13, 2022

Last update June 10, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.

Key dates

02Disclosure timeline

September 13, 2022 CVE published

June 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-39799 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2022-39799

CWE CWE-79

Affected versions

Vendor Sap Se

Product SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)

Affected KERNEL 7.77

Vendor Sap Se

Product SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)

Affected 7.81

Vendor Sap Se

Product SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)

Affected 7.85

Vendor Sap Se

Product SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)

Affected 7.89

Vendor Sap Se

Product SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)

Affected 7.54

01Description

02Disclosure timeline

03References

04Related CVE