CVE-2024-22126 - Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | LOW |
Availability impact | LOW |

Summary
The User Admin application of SAP NetWeaver AS for Java, version 7.50, insufficiently validates and improperly encodes incoming URL parameters before including them in the redirect URL. This results in a Cross-Site Scripting (XSS) vulnerability, with a high impact on confidentiality and a mild impact on integrity and availability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |