Vulnerability Details CVE-2024-22126
The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.5%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2024-22126
-
cpe:2.3:a:sap:netweaver_application_server_java:7.50