Vulnerabilities > CVE-2022-22535 - Missing Authorization vulnerability in SAP ERP Human Capital Management 600/604/608
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |