CVE-2022-22531SE SAP S 4hana vulnerability

3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.4%
top 40.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP S 4hanaSAP S 4hana
Timeline
PublishedJan 14
Latest updateJan 15

Description

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

NVDsap/s_4hana7 versions+6
CVEListV5sap_se/sap_s_4hana7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-9v3p-rgvx-7cgq: The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files2022-01-15
CVEList
CVE-2022-22531: The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files2022-01-14
CVE-2022-22531 — SAP SE SAP S 4hana vulnerability | cvebase