CVE-2024-44120 MEDIUM

CVE-2024-44120: Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Vendor SAP SE
Product SAP NetWeaver Enterprise Portal
Weakness CWE-79 · XSS
Published September 10, 2024
Last update September 10, 2024

CVSS base score

4.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

SAP NetWeaver Enterprise Portal is vulnerable to reflected cross-site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user into clicking it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser.

Key dates

02 Disclosure timeline

September 10, 2024 CVE published
September 10, 2024 Record updated