CVE-2022-29610: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

SAP NetWeaver Application Server ABAP contains a vulnerability (CVE-2022-29610) that allows an authenticated attacker to upload malicious files and delete theme data, potentially leading to Stored Cross-Site Scripting (XSS) attacks. The vulnerability was disclosed on May 11, 2022, and affects multiple versions of SAP NetWeaver Application Server ABAP including versions 753, 754, 755, and 756 (CVE Details).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium severity). The attack vector is Network-based (AV:N), with Low attack complexity (AC:L), requires Low privileges (PR:L), and User interaction (UI:R). The scope is Changed (S:C), with Low impact on both Confidentiality (C:L) and Integrity (I:L), and No impact on Availability (A:N) (AttackerKB).

If successfully exploited, this vulnerability could result in unauthorized data manipulation through stored Cross-Site Scripting attacks. The impact primarily affects the confidentiality and integrity of the system, allowing attackers to potentially access and modify sensitive information (CVE Details).

SAP has released security patches to address this vulnerability. Organizations running affected versions of SAP NetWeaver Application Server ABAP should apply the appropriate patches as detailed in SAP Security Note 3146336 (SAP Note).