The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
2022-05-11T15:15:09.677
2024-11-21T06:56:06.843
Modified
CVSSv3.1: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | sap | netweaver_as_abap_kernel | 7.22 | Yes |
| Application | sap | netweaver_as_abap_kernel | 7.49 | Yes |
| Application | sap | netweaver_as_abap_kernel | 7.53 | Yes |
| Application | sap | netweaver_as_abap_kernel | 7.77 | Yes |
| Application | sap | netweaver_as_abap_kernel | 7.81 | Yes |
| Application | sap | netweaver_as_abap_kernel | 7.85 | Yes |
| Application | sap | netweaver_as_abap_kernel | 7.86 | Yes |
| Application | sap | netweaver_as_abap_kernel | 7.87 | Yes |
| Application | sap | netweaver_as_abap_kernel | 8.04 | Yes |
| Application | sap | netweaver_as_abap_krnl64uc | 7.22 | Yes |
| Application | sap | netweaver_as_abap_krnl64uc | 7.22ext | Yes |
| Application | sap | netweaver_as_abap_krnl64uc | 7.49 | Yes |
| Application | sap | netweaver_as_abap_krnl64uc | 7.53 | Yes |
| Application | sap | netweaver_as_abap_krnl64uc | 8.04 | Yes |
| Application | sap | webdispatcher | 7.22ext | Yes |
| Application | sap | webdispatcher | 7.49 | Yes |
| Application | sap | webdispatcher | 7.53 | Yes |
| Application | sap | webdispatcher | 7.77 | Yes |
| Application | sap | webdispatcher | 7.81 | Yes |
| Application | sap | webdispatcher | 7.83 | Yes |
| Application | sap | webdispatcher | 7.85 | Yes |