Insufficient Input Validation in SAP NetWeaver Application Server ABAP
CVE-2022-41212

4.9MEDIUM

Key Information:

Vendor

SAP
Status
SAP Netweaver Application Server Abap And Abap Platform
Vendor
CVE Published:
8 November 2022

What is CVE-2022-41212?

The SAP NetWeaver Application Server ABAP and ABAP Platform are affected by an input validation vulnerability that allows attackers with elevated privileges to exploit a remote-enabled function. This flaw enables unauthorized access to restricted files, posing a serious threat to the confidentiality of sensitive application data. Organizations utilizing these platforms must address this vulnerability to maintain secure operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP NetWeaver Application Server ABAP and ABAP Platform = 700 = 700

SAP NetWeaver Application Server ABAP and ABAP Platform = 731 = 731

SAP NetWeaver Application Server ABAP and ABAP Platform = 804 = 804

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...
https://launchpad.support.sap.com/#/notes/3256571

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.