CVE-2022-22542Sensitive Information Exposure in SAP S 4hana

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.7%
top 27.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP S 4hana
Timeline
PublishedFeb 9
Latest updateFeb 11

Description

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDsap/s_4hana104, 105, 106+2

🔴Vulnerability Details

2
GHSA
GHSA-m397-7g87-cgqv: S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for2022-02-11
CVEList
CVE-2022-22542: S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for2022-02-09
CVE-2022-22542 — Sensitive Information Exposure in SAP | cvebase