5.5

CVE-2022-31597

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPS/4HANA Version101
SAPS/4HANA Version102
SAPS/4HANA Version103
SAPS/4HANA Version104
SAPS/4HANA Version105
SAPS/4HANA Version106
SAPSapscore Version127
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.353
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:P/I:P/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://launchpad.support.sap.com/#/notes/3213826
Vendor Advisory
Permissions Required