Vulnerabilities > CVE-2022-29613 - Unspecified vulnerability in SAP Employee Self Service 605

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2022-05-11

Updated: 2024-11-21

Summary

Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Employee Self Service 605	1

References

https://launchpad.support.sap.com/#/notes/3164677
https://launchpad.support.sap.com/#/notes/3164677
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html