Authorization Bypass Vulnerability in SAP ERP HCM Portugal Software
CVE-2022-22535

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Erp Hcm (portugal)
Vendor: CVE Published:; 9 February 2022

What is CVE-2022-22535?

The SAP ERP HCM Portugal software fails to enforce necessary authorization checks when generating a specific report that accesses payroll data for employees. This vulnerability could allow unauthorized users to view sensitive payroll information without the ability to modify it or disrupt system availability. Such exposure of employee data poses a significant risk to organizations relying on secure payroll management functionalities.

Affected Version(s)

SAP ERP HCM (Portugal) 600

SAP ERP HCM (Portugal) 604

SAP ERP HCM (Portugal) 608

References

https://launchpad.support.sap.com/#/notes/3126489

x_refsource_MISC

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2022
Vulnerability Reserved
Jan 4, 2022