CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Description (NVD)
Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim's browser. This could allow the attacker to access and/or modify information related to the webclient, impacting the confidentiality and integrity of the application, with no impact to availability.
Analysis (AI-generated)
Reflected cross-site scripting in SAP NetWeaver JAVA's JDBC Test Servlet lets an unauthenticated remote attacker craft a URL whose embedded script runs in the victim's browser once the victim opens the link. The Changed Scope (S:C) in the vector follows the standard CVSS 3.1 treatment of XSS: the vulnerable component is the server-side servlet, but the impact lands in a different component, the victim's browser, where the script executes within the application's origin with the privileges of the victim's session (not beyond that origin). That is enough to read or modify web-client data and perform actions as the victim, which is why the vector rates confidentiality and integrity impact as Low and availability as None. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires that the SAP NetWeaver JAVA JDBC Test Servlet is reachable over the network; the CVSS AV:N/PR:N rating reflects that no authentication is needed to reach the endpoint or submit input to it. … |
| Risk Assessment | The CVSS base score of 6.1 (Medium) reflects a balanced signal: the attack vector is Network with Low complexity and no required privileges (AV:N/AC:L/PR:N), but exploitation is gated on User Interaction (UI:R), meaning an attacker must deceive a victim into opening a crafted URL. … |
| Exploit Scenario | An attacker identifies a SAP NetWeaver JAVA instance with the JDBC Test Servlet exposed, then constructs a URL containing a URL-encoded JavaScript payload aimed at the reflection point in the servlet's response. The attacker delivers this URL to a target SAP user via a phishing email or a watering-hole link; when the victim opens it, the script executes in the victim's browser session and can exfiltrate data visible to the web client or perform actions on the victim's behalf within the SAP webclient. |
| Remediation | Apply the fix documented in SAP Security Note 3723655, available through the SAP Support Portal at https://me.sap.com/notes/3723655. … |
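The assessment above describes the two halves of a reflected XSS: a reflection point that echoes request input into HTML without output encoding, and a delivery URL carrying a percent-encoded payload. The following is an added example (not code from the page, from SAP, or from the affected servlet) that models both halves offline so a practitioner can see what "reflected raw" versus "reflected encoded" looks like when verifying a patch, and how to spot the delivery side in request logs. The parameter name `q`, the path `/TestServlet` and the host are hypothetical; the page does not name the vulnerable parameter, and the sample URLs are constructed for the example.

```python
import html
from urllib.parse import urlencode, parse_qs, urlsplit, unquote_plus

# Canary containing every character an HTML text context must encode.
CANARY = 'xss"<probe>\'&'


def render_vulnerable(params: dict) -> str:
    """Constructed stand-in for an unfixed reflection point: the value of the
    hypothetical 'q' parameter is concatenated into the page unencoded."""
    value = params.get("q", [""])[0]
    return f"<html><body><p>Test result for: {value}</p></body></html>"


def render_fixed(params: dict) -> str:
    """Same page with contextual output encoding applied. This is the class of
    fix a reflected-XSS patch has to make; the page does not say how SAP fixed it."""
    value = params.get("q", [""])[0]
    return f"<html><body><p>Test result for: {html.escape(value, quote=True)}</p></body></html>"


def build_probe_url(base_url: str, param: str, canary: str = CANARY) -> str:
    """URL-encode the canary so the probe survives transport unchanged."""
    return f"{base_url}?{urlencode({param: canary})}"


def classify_reflection(body: str, canary: str = CANARY) -> str:
    """Did the canary come back raw (vulnerable), encoded (fixed), or not at all?"""
    if canary in body:
        return "reflected_raw"
    if html.escape(canary, quote=True) in body:
        return "reflected_encoded"
    return "not_reflected"


def simulate(handler, url: str) -> str:
    """Run a probe URL through a local handler instead of a live server."""
    query = parse_qs(urlsplit(url).query)
    return classify_reflection(handler(query))


# Hunting check for the delivery side of the exploit scenario: a URL whose
# query string carries a (possibly double-)percent-encoded script payload.
_MARKERS = ("<script", "javascript:", "onerror=", "onload=", "<svg", "<img")


def suspicious_request(url: str) -> bool:
    """True if the decoded query string contains a common script marker."""
    query = urlsplit(url).query
    for _ in range(2):  # undo up to two layers of percent-encoding
        query = unquote_plus(query)
    lowered = query.lower()
    return any(marker in lowered for marker in _MARKERS)


if __name__ == "__main__":
    url = build_probe_url("https://sap.example.invalid/TestServlet", "q")
    print("probe URL:", url)
    print("unfixed handler:", simulate(render_vulnerable, url))
    print("fixed handler:  ", simulate(render_fixed, url))
    # Constructed request URLs as they might appear in an access log.
    for logged in (
        "https://sap.example.invalid/TestServlet?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
        "https://sap.example.invalid/TestServlet?q=jdbc%2Fdefault",
    ):
        print(suspicious_request(logged), logged)
```

Against a real instance the same `classify_reflection` check is run on the HTTP response to the probe URL before and after applying SAP Security Note 3723655; a canary that still comes back raw means the reflection point is not fixed, while an encoded echo is the expected post-patch behaviour. The marker list in `suspicious_request` is deliberately short and will miss obfuscated payloads; it is a triage filter, not a WAF rule.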
Related advisory identifiers
- EUVD-2026-35282
- GHSA-r38j-ghgj-963g