CVE-2022-22542 Vulnerability Details

  /     /     /  

CVE-2022-22542 Metadata Quick Info

CVE Published: 09/02/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: sap | Vendor: SAP SE | Product: SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)
Status : PUBLISHED

---

CVE-2022-22542 Description

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: CWE-200
Source: SAP SE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).