Vulnerabilities > CVE-2022-31589 - Unspecified vulnerability in SAP products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2022-06-14

Updated: 2023-06-29

Summary

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP S/4Hana 100 SAP S/4Hana 101 SAP S/4Hana 102 SAP S/4Hana 103 SAP S/4Hana 104 SAP S/4Hana 105 SAP S/4Hana 106 SAP S/4Hana 107 SAP S/4Hana 108 SAP ERP Financial Accounting 618 SAP ERP Financial Accounting 720 SAP ERP Localization FOR CEE Countries C-Cee_110_600 SAP ERP Localization FOR CEE Countries C-Cee_110_602 SAP ERP Localization FOR CEE Countries C-Cee_110_603 SAP ERP Localization FOR CEE Countries C-Cee_110_604 SAP ERP Localization FOR CEE Countries C-Cee_110_700	16

Summary

Vulnerable Configurations

References