6.5
CVE-2022-31589
- EPSS 0.19%
- Veröffentlicht 14.06.2022 19:15:07
- Zuletzt bearbeitet 21.11.2024 07:04:47
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Erp Financial Accounting Version618
SAP ≫ Erp Financial Accounting Version720
SAP ≫ Erp Localization For Cee Countries Versionc-cee_110_600
SAP ≫ Erp Localization For Cee Countries Versionc-cee_110_602
SAP ≫ Erp Localization For Cee Countries Versionc-cee_110_603
SAP ≫ Erp Localization For Cee Countries Versionc-cee_110_604
SAP ≫ Erp Localization For Cee Countries Versionc-cee_110_700
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.408 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.