CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-22128

SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.9%

CVSS Severity

CVSS v3 Score 4.7

References

Products affected by CVE-2024-22128

Sap » Netweaver Business Client For Html » Version: sap_basis_700

cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_700
Sap » Netweaver Business Client For Html » Version: sap_basis_701

cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_701
Sap » Netweaver Business Client For Html » Version: sap_basis_702

cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_702
Sap » Netweaver Business Client For Html » Version: sap_basis_731

cpe:2.3:a:sap:netweaver_business_client_for_html:sap_basis_731
Sap » Netweaver Business Client For Html » Version: sap_ui_754

cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_754
Sap » Netweaver Business Client For Html » Version: sap_ui_755

cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_755
Sap » Netweaver Business Client For Html » Version: sap_ui_756

cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_756
Sap » Netweaver Business Client For Html » Version: sap_ui_757

cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_757
Sap » Netweaver Business Client For Html » Version: sap_ui_758

cpe:2.3:a:sap:netweaver_business_client_for_html:sap_ui_758

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-22128

Products

Pricing

Contact Us