CVE-2022-22530

Published: Jan 14, 2022Modified: Feb 24, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.

Affected (7)

Products: Sap: S/4hana

Sap

1 product

S/4hana

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Sap S/4hana	Version 100
Sap S/4hana	Version 101
Sap S/4hana	Version 102
Sap S/4hana	Version 103
Sap S/4hana	Version 104
Sap S/4hana	Version 105
Sap S/4hana	Version 106

References (4)

https://launchpad.support.sap.com/#/notes/3112928

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3112928

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.