CVE-2022-22531

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:s\/4hana:100:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:101:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:106:*:*:*:*:*:*:*

History

21 Nov 2024, 06:46

Type Values Removed Values Added
References () https://launchpad.support.sap.com/#/notes/3112928 - Permissions Required () https://launchpad.support.sap.com/#/notes/3112928 - Permissions Required
References () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035 - Vendor Advisory () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035 - Vendor Advisory

10 Jul 2023, 19:15

Type Values Removed Values Added
Summary The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified. The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.

Information

Published : 2022-01-14 20:15

Updated : 2024-11-21 06:46


NVD link : CVE-2022-22531

Mitre link : CVE-2022-22531

CVE.ORG link : CVE-2022-22531


JSON object : View

Products Affected

sap

  • s\/4hana