← Back

CVE-2022-41214

nvd nist
Published: Nov 8, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.7
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
Exploitability: 2.3 / Impact: 5.8
Source: NVD

Description

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application.

Affected (6)

Sap
1 product
Netweaver Application Server Abap
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver Application Server Abap
Version 700
Netweaver Application Server Abap
Version 731
Netweaver Application Server Abap
Version 740
Netweaver Application Server Abap
Version 750
Netweaver Application Server Abap
Version 789
Netweaver Application Server Abap
Version 804

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.