CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39799

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.7%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2022-39799

Sap » Netweaver Application Server Abap » Version: 7.54

cpe:2.3:a:sap:netweaver_application_server_abap:7.54
Sap » Netweaver Application Server Abap » Version: 7.81

cpe:2.3:a:sap:netweaver_application_server_abap:7.81
Sap » Netweaver Application Server Abap » Version: 7.85

cpe:2.3:a:sap:netweaver_application_server_abap:7.85
Sap » Netweaver Application Server Abap » Version: 7.89

cpe:2.3:a:sap:netweaver_application_server_abap:7.89
Sap » Netweaver Application Server Abap » Version: kernel_7.77

cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-39799

Products

Pricing

Contact Us