Vulnerability Details CVE-2022-35294
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.1%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2022-35294
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.49
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.53
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.54
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.77
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.81
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.85
-
cpe:2.3:a:sap:netweaver_application_server_abap:7.89
-
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22
-
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22
-
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22