CVE-2024-22128

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Feb 13, 2024

CWE ID 79

Summary

CVE-2024-22128 is a Cross-Site Scripting (XSS) vulnerability affecting various versions of SAP NWBC for HTML, including SAP_UI 754 to 758 and SAP_BASIS 700 to 731. The issue stems from insufficient input encoding, allowing an unauthenticated attacker to inject malicious JavaScript. Upon successful exploitation, the attacker can cause limited impact to the confidentiality and integrity of application data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uCUiHy
https://www.cve.org/CVERecord?id=CVE-2024-22128
https://nvd.nist.gov/vuln/detail/CVE-2024-22128

Back to Vulnerability Database

CVE-2024-22128

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations