CVE-2024-44120

SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3498221
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

10 Sep 2024, 12:09

Type	Values Removed	Values Added
Summary		(es) SAP NetWeaver Enterprise Portal es vulnerable a ataques de cross site scripting reflejado debido a una codificación insuficiente de la entrada controlada por el usuario. Un atacante no autenticado podría crear una URL maliciosa y engañar al usuario para que haga clic en ella. Si la víctima hace clic en esta URL antes de que se agote el tiempo de espera, el atacante podría leer y manipular el contenido del usuario en el navegador.

10 Sep 2024, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 05:15

Updated : 2024-09-10 12:09

NVD link : CVE-2024-44120

Mitre link : CVE-2024-44120

CVE.ORG link : CVE-2024-44120

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.7 /10