Vulnerabilities > CVE-2022-31592 - Missing Authorization vulnerability in SAP Enterprise Extension Defense Forces & Public Security

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2022-07-12

Updated: 2022-07-16

Summary

The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Enterprise Extension Defense Forces & Public Security 605 SAP Enterprise Extension Defense Forces & Public Security 606 SAP Enterprise Extension Defense Forces & Public Security 616 SAP Enterprise Extension Defense Forces & Public Security 617 SAP Enterprise Extension Defense Forces & Public Security 618 SAP Enterprise Extension Defense Forces & Public Security 802 SAP Enterprise Extension Defense Forces & Public Security 803 SAP Enterprise Extension Defense Forces & Public Security 804 SAP Enterprise Extension Defense Forces & Public Security 805 SAP Enterprise Extension Defense Forces & Public Security 806	10

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References