cnvd - cnvd-2022-88972

cnvd-2022-88972

Vulnerability from cnvd

Title

SAP Data Services Management跨站脚本漏洞

Description

SAP Data Services Management是德国思爱普（SAP）公司的一个数据服务管理软件。有助于确保不会在业务的不同部分（包括流程、运营、分析和报告）中使用多个可能不一致的数据版本。 SAP Data Services Management4.2版本和4.3版本存在跨站脚本漏洞。该漏洞源于对用户提供的数据缺乏有效过滤与转义，登录管理控制台的攻击者可利用该漏洞从请求中复制数据并将其回显到应用程序的即时响应中，发起跨站攻击。

Severity

中

Patch Name

SAP Data Services Management跨站脚本漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://launchpad.support.sap.com/#/notes/3167342

Reference

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Impacted products

Name
['SAP Data Services Management 4.2', 'SAP Data Services Management 4.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-35226",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-35226"
    }
  },
  "description": "SAP Data Services Management\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u6570\u636e\u670d\u52a1\u7ba1\u7406\u8f6f\u4ef6\u3002\u6709\u52a9\u4e8e\u786e\u4fdd\u4e0d\u4f1a\u5728\u4e1a\u52a1\u7684\u4e0d\u540c\u90e8\u5206\uff08\u5305\u62ec\u6d41\u7a0b\u3001\u8fd0\u8425\u3001\u5206\u6790\u548c\u62a5\u544a\uff09\u4e2d\u4f7f\u7528\u591a\u4e2a\u53ef\u80fd\u4e0d\u4e00\u81f4\u7684\u6570\u636e\u7248\u672c\u3002\n\nSAP Data Services Management4.2\u7248\u672c\u548c4.3\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u6709\u6548\u8fc7\u6ee4\u4e0e\u8f6c\u4e49\uff0c\u767b\u5f55\u7ba1\u7406\u63a7\u5236\u53f0\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u8bf7\u6c42\u4e2d\u590d\u5236\u6570\u636e\u5e76\u5c06\u5176\u56de\u663e\u5230\u5e94\u7528\u7a0b\u5e8f\u7684\u5373\u65f6\u54cd\u5e94\u4e2d\uff0c\u53d1\u8d77\u8de8\u7ad9\u653b\u51fb\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://launchpad.support.sap.com/#/notes/3167342",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-88972",
  "openTime": "2022-12-18",
  "patchDescription": "SAP Data Services Management\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u6570\u636e\u670d\u52a1\u7ba1\u7406\u8f6f\u4ef6\u3002\u6709\u52a9\u4e8e\u786e\u4fdd\u4e0d\u4f1a\u5728\u4e1a\u52a1\u7684\u4e0d\u540c\u90e8\u5206\uff08\u5305\u62ec\u6d41\u7a0b\u3001\u8fd0\u8425\u3001\u5206\u6790\u548c\u62a5\u544a\uff09\u4e2d\u4f7f\u7528\u591a\u4e2a\u53ef\u80fd\u4e0d\u4e00\u81f4\u7684\u6570\u636e\u7248\u672c\u3002\r\n\r\nSAP Data Services Management4.2\u7248\u672c\u548c4.3\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u7f3a\u4e4f\u6709\u6548\u8fc7\u6ee4\u4e0e\u8f6c\u4e49\uff0c\u767b\u5f55\u7ba1\u7406\u63a7\u5236\u53f0\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u8bf7\u6c42\u4e2d\u590d\u5236\u6570\u636e\u5e76\u5c06\u5176\u56de\u663e\u5230\u5e94\u7528\u7a0b\u5e8f\u7684\u5373\u65f6\u54cd\u5e94\u4e2d\uff0c\u53d1\u8d77\u8de8\u7ad9\u653b\u51fb\u3002\r\n\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Data Services Management\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP Data Services Management 4.2",
      "SAP Data Services Management 4.3"
    ]
  },
  "referenceLink": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
  "serverity": "\u4e2d",
  "submitTime": "2022-10-13",
  "title": "SAP Data Services Management\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2022-35226 (GCVE-0-2022-35226)

Vulnerability from cvelistv5

Published

2022-10-11 00:00

Modified

2024-08-03 09:29

Severity ?

CWE

CWE-79

Summary

SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console.

References

URL

Tags

	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
	https://launchpad.support.sap.com/#/notes/3167342