Insufficient Input Validation in SAP NetWeaver Development Infrastructure Allows Script Injection and Code Execution

Insufficient Input Validation in SAP NetWeaver Development Infrastructure Allows Script Injection and Code Execution

CVE-2022-29618 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Learn more about our Infrastructure Penetration Testing.