CVE-2022-41212 — Path Traversal in SE SAP Netweaver Application Server Abap AND Abap Platform

CWE-22 — Path Traversal3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.5%

top 34.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedNov 8

Latest updateNov 9

Description

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_abap_and_abap_platform6 versions+5

▶NVDsap/netweaver_application6 versions+5

🔴Vulnerability Details

GHSA

GHSA-86r4-6w98-w5h6: Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a r↗2022-11-09

▶

CVEList

CVE-2022-41212: Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a r↗2022-11-08

▶