Sap Netweaver Application Server Java Configuration Wizard
Monthly
Reflected cross-site scripting in SAP NetWeaver Application Server Java (specifically the Configuration Wizard component) lets an unauthenticated attacker embed malicious JavaScript in crafted URLs that executes in a victim's browser when the link is opened. Because the CVSS scope is changed (S:C) and confidentiality impact is high, a successful lure can expose sensitive session information and tamper with non-sensitive data rendered in the client. No public exploit identified at time of analysis, but the 8.2 CVSS and unauthenticated, network-reachable vector make it a meaningful phishing-driven risk for exposed SAP portals.
Reflected cross-site scripting in SAP NetWeaver Application Server Java (specifically the Configuration Wizard component) lets an unauthenticated attacker embed malicious JavaScript in crafted URLs that executes in a victim's browser when the link is opened. Because the CVSS scope is changed (S:C) and confidentiality impact is high, a successful lure can expose sensitive session information and tamper with non-sensitive data rendered in the client. No public exploit identified at time of analysis, but the 8.2 CVSS and unauthenticated, network-reachable vector make it a meaningful phishing-driven risk for exposed SAP portals.