VYPR
Unrated severityNVD Advisory· Published Sep 13, 2022· Updated Aug 3, 2024

CVE-2022-35294

CVE-2022-35294

Description

An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.