CVE-2022-26105 - Vulnerability Details - OpenCVE

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Netweaver Enterprise Portal

Configuration 1 [-]

OR	cpe:2.3:a:sap:netweaver_enterprise_portal:7.10:::::::*
	cpe:2.3:a:sap:netweaver_enterprise_portal:7.11:::::::*
	cpe:2.3:a:sap:netweaver_enterprise_portal:7.20:::::::*
	cpe:2.3:a:sap:netweaver_enterprise_portal:7.30:::::::*
	cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:::::::*
	cpe:2.3:a:sap:netweaver_enterprise_portal:7.40:::::::*
	cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:::::::*

No data.

References

Link	Providers
https://launchpad.support.sap.com/#/notes/3163583
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2022-04-12T16:11:22

Updated: 2024-08-03T04:56:37.332Z

Reserved: 2022-02-25T00:00:00

Link: CVE-2022-26105

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-04-12T17:15:09.567

Modified: 2024-11-21T06:53:26.343

Link: CVE-2022-26105

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver Enterprise Portal", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "7.10"}, {"status": "affected", "version": "7.11"}, {"status": "affected", "version": "7.20"}, {"status": "affected", "version": "7.30"}, {"status": "affected", "version": "7.31"}, {"status": "affected", "version": "7.40"}, {"status": "affected", "version": "7.50"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-12T16:11:22", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/3163583"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2022-26105", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver Enterprise Portal", "version": {"version_data": [{"version_affected": "=", "version_value": "7.10"}, {"version_affected": "=", "version_value": "7.11"}, {"version_affected": "=", "version_value": "7.20"}, {"version_affected": "=", "version_value": "7.30"}, {"version_affected": "=", "version_value": "7.31"}, {"version_affected": "=", "version_value": "7.40"}, {"version_affected": "=", "version_value": "7.50"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application."}]}, "impact": {"cvss": {"baseScore": "null", "vectorString": "null", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79"}]}]}, "references": {"reference_data": [{"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"name": "https://launchpad.support.sap.com/#/notes/3163583", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3163583"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:56:37.332Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/3163583"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-26105", "datePublished": "2022-04-12T16:11:22", "dateReserved": "2022-02-25T00:00:00", "dateUpdated": "2024-08-03T04:56:37.332Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "40BA6B1C-F11D-49DF-A3DE-92D1442BC09F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.11:*:*:*:*:*:*:*", "matchCriteriaId": "16A4B1E5-FD7B-4D7F-9791-E865FC8ED476", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.20:*:*:*:*:*:*:*", "matchCriteriaId": "DCCA369A-EA1B-4312-8727-82BA1192D8A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.30:*:*:*:*:*:*:*", "matchCriteriaId": "64F0B5E2-054F-41CC-9296-38E3E5DFC77B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:*:*:*:*:*:*:*", "matchCriteriaId": "E666D8FD-1F21-4E97-80BB-D560AB125DB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.40:*:*:*:*:*:*:*", "matchCriteriaId": "3D61E5F0-5F16-489D-BB7D-2C630637DCAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*", "matchCriteriaId": "D91F9D76-39D6-4D5E-BFAE-892CB8C30A79", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application."}, {"lang": "es", "value": "SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, es susceptible de sufrir un ataque de ejecuci\u00f3n de scripts por parte de un atacante no autenticado debido a la incorrecta sanitizaci\u00f3n de las entradas del usuario mientras interact\u00faa en la Red. Si es explotado con \u00e9xito, un atacante puede visualizar o modificar la informaci\u00f3n causando un impacto limitado en la confidencialidad e integridad de la aplicaci\u00f3n"}], "id": "CVE-2022-26105", "lastModified": "2024-11-21T06:53:26.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-12T17:15:09.567", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/3163583"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/3163583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@sap.com", "type": "Secondary"}]}