CVE-2022-22530 — SE SAP S 4hana vulnerability

3 documents3 sources

Severity

8.1HIGHNVD

EPSS

0.5%

top 34.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP S 4hana SAP S 4hana

Timeline

PublishedJan 14

Latest updateJan 15

Description

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶NVDsap/s_4hana7 versions+6

▶CVEListV5sap_se/sap_s_4hana7 versions+6

🔴Vulnerability Details

GHSA

GHSA-97gx-wpcj-m7f9: The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files↗2022-01-15

▶

CVEList

CVE-2022-22530: The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files↗2022-01-14

▶