CVE-2022-41214 — Improper Input Validation in SE SAP Netweaver Application Server Abap AND Abap Platform

CWE-20 — Improper Input Validation CWE-22 — Path Traversal3 documents3 sources

Severity

8.7HIGHNVD

EPSS

0.4%

top 37.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedNov 8

Latest updateNov 9

Description

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:HExploitability: 2.3 | Impact: 5.8

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_abap_and_abap_platform6 versions+5

▶NVDsap/netweaver_application6 versions+5

🔴Vulnerability Details

GHSA

GHSA-3g8c-3h7h-7p82: Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a r↗2022-11-09

▶

CVEList

CVE-2022-41214: Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a r↗2022-11-08

▶