CVE-2022-22540: SQL Injection in SE SAP Netweaver AS Abap

CWE-89: SQL Injection | 3 documents | 3 sources

Severity: 7.5 HIGH (NVD)
EPSS: 0.4% (top 41.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 9 | Latest update Feb 11

Description

SAP NetWeaver AS ABAP (Workplace Server), versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but there is no risk of modification.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: sap_se/sap_netweaver_as_abap, 13 versions
NVD: sap/netweaver_application, 13 versions

Vulnerability Details (2)

GHSA (2022-02-11): GHSA-mjmp-36pv-cgr3: SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute cra
CVEList (2022-02-09): CVE-2022-22540: SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute cra