Improper Authorization Check in SAP Business User Interface
CVE-2022-31589

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Erp, Localization For Cee Countries.; SAP Financials; SAP S/4hana Core
Vendor: CVE Published:; 14 June 2022

What is CVE-2022-31589?

An improper authorization check within the SAP Business User Interface, specifically for users accessing the Israeli File from the SHAAM program, allows business users to obtain elevated permissions. This flaw enables unauthorized access to sensitive data and facilitates transactions that should be restricted, raising significant security concerns for organizations reliant on this system.

Affected Version(s)

SAP ERP, localization for CEE countries. C-CEE 110_600

SAP ERP, localization for CEE countries. 110_602

SAP ERP, localization for CEE countries. 110_603

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3203065

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
May 24, 2022