SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting vulnerability has been identified in SAP NetWeaver Enterprise Portal. This issue allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The injected scripts are reflected in the server response and executed in the user's browser when the crafted URL is accessed. This vulnerability could lead to the theft of session information, manipulation of portal content, or unwanted user redirection. It has a low impact on the application's confidentiality and integrity, with no effect on availability.

Impact

Successful exploitation causes injected scripts to execute in the context of the user's browser, potentially leading to session hijacking, unauthorized content manipulation, or phishing attacks through user redirection.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying the necessary patches. SAP Security Notes can be accessed through the SAP for Me platform, in particular on SAP Security Patch Days, which occur on the second Tuesday of each month.

Added: Jan 13, 2026, 2:29 AM
Updated: Jan 13, 2026, 2:29 AM