CVE-2022-22535

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Erp Hcm (portugal)
Vendor: CVE Published:; 9 February 2022

Summary

SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.

Affected Version(s)

SAP ERP HCM (Portugal) 600

SAP ERP HCM (Portugal) 604

SAP ERP HCM (Portugal) 608

References

https://launchpad.support.sap.com/#/notes/3126489

x_refsource_MISC

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 9, 2022
Vulnerability Reserved
Jan 4, 2022