| Vulnerability Name: | CVE-2022-26102 (CCN-221241) | ||||||||||||
| Assigned: | 2022-03-08 | ||||||||||||
| Published: | 2022-03-08 | ||||||||||||
| Updated: | 2022-10-06 | ||||||||||||
| Summary: | Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application. | ||||||||||||
| CVSS v3 Severity: | 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) 4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-862 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-26102 Source: CCN Type: SAP Security Patch Day - March2022 SAP Security Patch Day - March2022 Source: MISC Type: Vendor Advisory https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 Source: XF Type: UNKNOWN sap-cve202226102-sec-bypass(221241) Source: CCN Type: SAP Web site SAP Support Note 3145997 Source: MISC Type: Permissions Required, Vendor Advisory https://launchpad.support.sap.com/#/notes/3145997 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||