Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-41268

Опубликовано: 13 дек. 2022
Источник: nvd
CVSS3: 8.5
CVSS3: 7.5
EPSS Низкий

Описание

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized transaction functionality. Under specific circumstances, a successful attack could enable an adversary to escalate their privileges to be able to read, change or delete system data.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:business_planning_and_consolidation:200:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_planning_and_consolidation:300:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_planning_and_consolidation:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_planning_and_consolidation:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_planning_and_consolidation:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_planning_and_consolidation:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_planning_and_consolidation:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_planning_and_consolidation:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_planning_and_consolidation:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_planning_and_consolidation:757:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_planning_and_consolidation:810:*:*:*:*:*:*:*

EPSS

Процентиль: 55%
0.0032
Низкий

8.5 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-269

Связанные уязвимости

github логотип

GHSA-pfpv-6wg2-46jw

CVSS3: 7.5
github
около 3 лет назад

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized transaction functionality. Under specific circumstances, a successful attack could enable an adversary to escalate their privileges to be able to read, change or delete system data.

EPSS

Процентиль: 55%
0.0032
Низкий

8.5 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-269