CVE-2024-22126 - Unspecified vulnerability in SAP NetWeaver Application Server Java 7.50

047910
CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: LOW
Availability impact: LOW

Summary

The User Admin application of SAP NetWeaver AS for Java, version 7.50, insufficiently validates and improperly encodes incoming URL parameters before including them in the redirect URL. This results in a Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and a mild impact on integrity and availability.

Vulnerable Configurations

Part         Description  Count
Application  Sap          1