CVE-2022-41205Code Injection in SE SAP GUI FOR Windows

CWE-94Code InjectionCWE-78OS Command Injection3 documents3 sources
Severity
6.1MEDIUMNVD
CNA5.5
EPSS
0.2%
top 62.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP GUI FOR WindowsSAP GUI
Timeline
PublishedNov 8
Latest updateNov 9

Description

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:HExploitability: 1.8 | Impact: 4.2

Affected Packages2 packages

NVDsap/gui7.70
CVEListV5sap_se/sap_gui_for_windows= 7.70

🔴Vulnerability Details

2
GHSA
GHSA-qx83-927w-w8jp: SAP GUI allows an authenticated attacker to execute scripts in the local network2022-11-09
CVEList
CVE-2022-41205: SAP GUI allows an authenticated attacker to execute scripts in the local network2022-11-08
CVE-2022-41205 — Code Injection | cvebase