Vulnerabilities > CVE-2022-35297 - Unspecified vulnerability in SAP Enable NOW 10
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |