CVE-2022-31589

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Erp, Localization For Cee Countries.; SAP Financials; SAP S/4hana Core
Vendor: CVE Published:; 14 June 2022

Summary

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.

Affected Version(s)

SAP ERP, localization for CEE countries. C-CEE 110_600

SAP ERP, localization for CEE countries. 110_602

SAP ERP, localization for CEE countries. 110_603

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3203065

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
May 24, 2022