exploitDog

CVE-2022-29613

Опубликовано: 11 мая 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.

Ссылки

https://launchpad.support.sap.com/#/notes/3164677
Permissions Required
Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory
https://launchpad.support.sap.com/#/notes/3164677
Permissions Required
Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:employee_self_service:605:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00368

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-6m7p-fgw9-pwr9

CVSS3: 4.3

github

больше 3 лет назад

Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.

EPSS

Процентиль: 58%

0.00368

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20