CVE-2022-35226 – This CVE describes a reflected cross-site scrip... (How to Fix)

Q: What is the severity of CVE-2022-35226?

CVE-2022-35226 has a CVSS score of 6.1 (MEDIUM). This CVE describes a reflected cross-site scripting (XSS) vulnerability in SAP Data Services Management console where user input is improperly echoed back in responses. An authenticated attacker could inject malicious scripts that execute in victims' browsers. Only users with access to the management console are affected.

📋 TL;DR

This CVE describes a reflected cross-site scripting (XSS) vulnerability in SAP Data Services Management console where user input is improperly echoed back in responses. An authenticated attacker could inject malicious scripts that execute in victims' browsers. Only users with access to the management console are affected.

💻 Affected Systems

Products:

SAP Data Services Management

Versions: Specific versions not detailed in CVE; consult SAP notes for exact affected versions.

Operating Systems: All platforms running SAP Data Services Management

Default Config Vulnerable: ⚠️ Yes

Notes: Only specific pages within the DS management console are vulnerable. Requires attacker to have valid login credentials.

📦 What is this software?

Data Services by Sap

View all CVEs affecting Data Services →

Data Services by Sap

View all CVEs affecting Data Services →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Authenticated attacker steals session cookies, performs actions as other users, or installs malware on administrator workstations.

🟠

Likely Case

Session hijacking leading to unauthorized access to sensitive data or configuration changes within the management console.

🟢

If Mitigated

Limited impact due to authentication requirement and restricted vulnerable pages; potential for minor data exposure.

🌐 Internet-Facing: MEDIUM - If management console is exposed to internet, risk increases but still requires authentication.

🏢 Internal Only: MEDIUM - Internal attackers with valid credentials could exploit to escalate privileges or steal data.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW - Standard XSS exploitation techniques apply once authenticated.

Exploitation requires valid authentication to the management console. Attack involves crafting malicious requests to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Security Note 3167342

Vendor Advisory: https://launchpad.support.sap.com/#/notes/3167342

Restart Required: Yes

Instructions:

1. Download patch from SAP Support Portal. 2. Apply SAP Security Note 3167342. 3. Restart SAP Data Services Management services. 4. Verify patch application.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement web application firewall or input validation to filter script tags and malicious payloads.

Access Restriction

all

Restrict access to management console to trusted IP addresses only.

🧯 If You Can't Patch

Implement Content Security Policy (CSP) headers to restrict script execution
Enable HTTPOnly and Secure flags on session cookies to limit XSS impact

🔍 How to Verify

Check if Vulnerable:

Test vulnerable endpoints by injecting XSS payloads and checking if they're reflected in responses. Requires authenticated access.

Check Version:

Check SAP Data Services version via management console or consult SAP system documentation.

Verify Fix Applied:

After applying SAP Note 3167342, test same XSS payloads to confirm they're properly sanitized.

📡 Detection & Monitoring

Log Indicators:

Unusual POST/GET requests with script tags or JavaScript payloads to management console endpoints
Multiple failed login attempts followed by successful login and XSS payload requests

Network Indicators:

HTTP requests containing <script>, javascript:, or other XSS payload patterns to management console

SIEM Query:

source="web_logs" AND (uri CONTAINS "<script>" OR uri CONTAINS "javascript:") AND dest_ip="[management_console_ip]"

📊 Metadata

CVE ID: CVE-2022-35226

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

Published: October 11, 2022

Last Updated: February 25, 2026

🔗 References

https://launchpad.support.sap.com/#/notes/3167342 Permissions Required,Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory
https://launchpad.support.sap.com/#/notes/3167342 Permissions Required,Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-35226, you might also want to check these: