CVE-2022-22531

Published: Jan 14, 2022Modified: Feb 24, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.

Affected (7)

Products: Sap: S/4hana

Sap

1 product

S/4hana

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Sap S/4hana	Version 100
Sap S/4hana	Version 101
Sap S/4hana	Version 102
Sap S/4hana	Version 103
Sap S/4hana	Version 104
Sap S/4hana	Version 105
Sap S/4hana	Version 106

References (4)

https://launchpad.support.sap.com/#/notes/3112928

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3112928

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.