CVE-2022-29611

8.8HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server For Abap And Abap Platform
Vendor: CVE Published:; 11 May 2022

Summary

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Affected Version(s)

SAP NetWeaver Application Server for ABAP and ABAP Platform 700

SAP NetWeaver Application Server for ABAP and ABAP Platform 701

SAP NetWeaver Application Server for ABAP and ABAP Platform 702

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3165801

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2022
Vulnerability Reserved
Apr 25, 2022