← Back

CVE-2022-41268

nvd nist
Published: Dec 13, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 / Impact: 5.9
Source: NVD

Description

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized transaction functionality. Under specific circumstances, a successful attack could enable an adversary to escalate their privileges to be able to read, change or delete system data.

Affected (11)

Sap
1 product
Business Planning And Consolidation
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Business Planning And Consolidation
Version 200
Business Planning And Consolidation
Version 300
Business Planning And Consolidation
Version 750
Business Planning And Consolidation
Version 751
Business Planning And Consolidation
Version 752
Business Planning And Consolidation
Version 753
Business Planning And Consolidation
Version 754
Business Planning And Consolidation
Version 755
Business Planning And Consolidation
Version 756
Business Planning And Consolidation
Version 757
Business Planning And Consolidation
Version 810

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.