6.5
CVE-2022-31589
- EPSS 0.19%
- Published 14.06.2022 19:15:07
- Last modified 21.11.2024 07:04:47
- Source cna@sap.com
Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Erp Financial Accounting Version 618
SAP ≫ Erp Financial Accounting Version 720
SAP ≫ Erp Localization For Cee Countries Version c-cee_110_600
SAP ≫ Erp Localization For Cee Countries Version c-cee_110_602
SAP ≫ Erp Localization For Cee Countries Version c-cee_110_603
SAP ≫ Erp Localization For Cee Countries Version c-cee_110_604
SAP ≫ Erp Localization For Cee Countries Version c-cee_110_700
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.19% | 0.408 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.