Improper Authorization Check in SAP Business User Interface
CVE-2022-31589

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Erp, Localization For Cee Countries.; SAP Financials; SAP S/4hana Core
Vendor: CVE Published:; 14 June 2022

Summary

An improper authorization check within the SAP Business User Interface, specifically for users accessing the Israeli File from the SHAAM program, allows business users to obtain elevated permissions. This flaw enables unauthorized access to sensitive data and facilitates transactions that should be restricted, raising significant security concerns for organizations reliant on this system.

Affected Version(s)

SAP ERP, localization for CEE countries. C-CEE 110_600

SAP ERP, localization for CEE countries. 110_602

SAP ERP, localization for CEE countries. 110_603

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3203065

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
May 24, 2022