CVE-2022-29611 — Missing Authorization in SE SAP Netweaver Application Server FOR Abap AND Abap Platform

CWE-862 — Missing Authorization3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 38.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedMay 11

Latest updateMay 12

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_abap_and_abap_platform17 versions+16

▶NVDsap/netweaver_application17 versions+16

🔴Vulnerability Details

GHSA

GHSA-9xxr-mc6p-4x5g: SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in esca↗2022-05-12

▶

CVEList

CVE-2022-29611: SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in esca↗2022-05-11

▶