8.8
CVE-2022-29611
- EPSS 0.4%
- Veröffentlicht 11.05.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 06:59:25
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Netweaver Application Server Abap Version700
SAP ≫ Netweaver Application Server Abap Version701
SAP ≫ Netweaver Application Server Abap Version702
SAP ≫ Netweaver Application Server Abap Version710
SAP ≫ Netweaver Application Server Abap Version711
SAP ≫ Netweaver Application Server Abap Version730
SAP ≫ Netweaver Application Server Abap Version731
SAP ≫ Netweaver Application Server Abap Version740
SAP ≫ Netweaver Application Server Abap Version750
SAP ≫ Netweaver Application Server Abap Version751
SAP ≫ Netweaver Application Server Abap Version752
SAP ≫ Netweaver Application Server Abap Version753
SAP ≫ Netweaver Application Server Abap Version754
SAP ≫ Netweaver Application Server Abap Version755
SAP ≫ Netweaver Application Server Abap Version756
SAP ≫ Netweaver Application Server Abap Version787
SAP ≫ Netweaver Application Server Abap Version788
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.603 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.