Description
SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application.
References
- Permissions Required, Vendor Advisory
- Vendor Advisory
- Permissions Required, Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:sap:access_control:12:*:*:*:*:*:*:*
EPSS
Percentile: 60%
0.00403
Low
7.5 High
CVSS3
Weaknesses
CWE-287
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application.