CVE-2022-41264

CWE-94: Code Injection (3 documents, 3 sources)
Severity: 8.8 HIGH
EPSS: 0.8% (top 25.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 13

Description

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker. On successful exploitation the attacker can have full control of the system to which the class belongs, causing a high impact on the integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: sap/basis, 13 versions
NVD: sap/basis, 13 versions

Vulnerability Details (2)

CVEList, 2022-12-13
CVE-2022-41264: Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows

GHSA, 2022-12-13
GHSA-rmpg-qm23-v7r4: Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows