6.5

CVE-2022-22542

EPSS 0.6%
Veröffentlicht 09.02.2022 23:15:18
Zuletzt bearbeitet 21.11.2024 06:46:59
Quelle cna@sap.com
Teams Watchlist Login
Unerledigt Login

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ S/4hana Version104

SAP ≫ S/4hana Version105

SAP ≫ S/4hana Version106

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.6%	0.687

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3142092

Vendor Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2022-22542

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22542

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22542

EUVD