SAP NetWeaver Application Server ABAP 7.54

CPE Details

SAP NetWeaver Application Server ABAP 7.54
sap
netweaver_application_server_abap
7.54
2022-10-05
11h56 +00:00
2022-10-05
12h16 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:sap:netweaver_application_server_abap:7.54:*:*:*:*:*:*:*

Informations

Vendor

sap

Product

netweaver_application_server_abap

Version

7.54

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-27499 2023-04-11 02h48 +00:00 SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacker.
6.1
Medium
CVE-2022-39799 2022-09-13 13h43 +00:00 An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.
6.1
Medium
CVE-2022-35294 2022-09-13 13h43 +00:00 An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.
5.4
Medium