Vulnerability Monitor


CVE-2022-22534


Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.


Published

2022-02-09T23:15:18.533

Last Modified

2024-11-21T06:46:58.527

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

  • Type: Primary
    CWE-79

Affected Vendors & Products

Type         Vendor  Product    Version/Range  Vulnerable?
Application  sap     netweaver  700            Yes
Application  sap     netweaver  701            Yes
Application  sap     netweaver  702            Yes
Application  sap     netweaver  731            Yes
Application  sap     netweaver  740            Yes
Application  sap     netweaver  750            Yes
Application  sap     netweaver  751            Yes
Application  sap     netweaver  752            Yes
Application  sap     netweaver  753            Yes
Application  sap     netweaver  754            Yes
Application  sap     netweaver  755            Yes
Application  sap     netweaver  756            Yes
