CVE-2024-44120

low-risk

Published 2024-09-10

SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser.

Do I need to act?

0.61% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.7/10 Medium

NETWORK / HIGH complexity

References (2)

https://me.sap.com/notes/3498221

https://url.sap/sapsecuritypatchday

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal