Privilege Escalation in SAP NetWeaver Application Server and ABAP Platform
CVE-2022-29611

8.8HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server For Abap And Abap Platform
Vendor: CVE Published:; 11 May 2022

What is CVE-2022-29611?

The SAP NetWeaver Application Server for ABAP and ABAP Platform are affected by a security flaw where the systems fail to enforce adequate authorization checks for authenticated users. This oversight allows users to gain elevated privileges, potentially leading to unauthorized access to critical components and data within the system. Organizations using these platforms should take immediate steps to mitigate this vulnerability and ensure proper security controls are in place.

Affected Version(s)

SAP NetWeaver Application Server for ABAP and ABAP Platform 700

SAP NetWeaver Application Server for ABAP and ABAP Platform 701

SAP NetWeaver Application Server for ABAP and ABAP Platform 702

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3165801

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2022
Vulnerability Reserved
Apr 25, 2022