CVE-2024-22126: 
SAP NetWeaver Application Server Java vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was discovered in the User Admin application of SAP NetWeaver AS for Java version 7.50. The vulnerability was disclosed on February 12, 2024, and is tracked as CVE-2024-22126. The issue stems from insufficient validation and improper encoding of incoming URL parameters before their inclusion in redirect URLs (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) by NIST and 6.1 (MEDIUM) by SAP SE. The vulnerability is characterized by Network attack vector, Low attack complexity, No privileges required, and Required user interaction. The scope is Changed, with High impact on confidentiality and Low impact on integrity and availability according to the NIST assessment (NVD). The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

The exploitation of this vulnerability can lead to a high impact on confidentiality and mild impact on integrity and availability of the affected system. The cross-site scripting vulnerability could potentially allow attackers to execute malicious scripts in the context of the user's browser session (NVD).