Unrated severityNVD Advisory· Published Jan 14, 2022· Updated Aug 3, 2024
CVE-2022-22529
CVE-2022-22529
Description
SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI.
Affected products
2- Range: = 2.0
- SAP SE/SAP Enterprise Threat Detectionv5Range: 2.0
Patches
Vulnerability mechanics
References
2- launchpad.support.sap.commitrex_refsource_MISC
- wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.