CVE-2022-27669

CWE-862 — Missing Authorization3 documents3 sources

Severity

7.5HIGH

EPSS

0.7%

top 27.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Java SAP Netweaver Application Server FOR Java

Timeline

PublishedApr 12

Latest updateApr 13

Description

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_java7.50

▶NVDsap/netweaver_application7.50

🔴Vulnerability Details

GHSA

GHSA-rhvw-cjqg-5fxj: An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7↗2022-04-13

▶

CVEList

CVE-2022-27669: An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7↗2022-04-12

▶