Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-39799


An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.


Published

2022-09-13T16:15:09.110

Last Modified

2025-06-10T14:15:24.157

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-79

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sap netweaver_application_server_abap 7.54 Yes
Application sap netweaver_application_server_abap 7.81 Yes
Application sap netweaver_application_server_abap 7.85 Yes
Application sap netweaver_application_server_abap 7.89 Yes
Application sap netweaver_application_server_abap kernel_7.77 Yes

References