CVE-2022-35293 Vulnerability Details

  /     /     /  

CVE-2022-35293 Metadata Quick Info

CVE Published: 09/08/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: sap | Vendor: SAP SE | Product: SAP Enable Now Manager
Status : PUBLISHED

CVE-2022-35293 Description

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user\'s account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-862
CWE Name: CWE-862
Source: SAP SE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).