CVE-2022-22542

Name: CVE-2022-22542
Creator: NVD / NIST
Published: 2022-02-09T23:15:18.863+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 1.03%

Last modified Jun 17, 2026

CVE-2022-22542 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.. EPSS estimates a 1.03% chance of exploitation in the next 30 days.

Description

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

1.03%

59.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Sap	S\/4hana	104
Sap	S\/4hana	105
Sap	S\/4hana	106

References

https://launchpad.support.sap.com/#/notes/3142092Permissions Required, Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
https://launchpad.support.sap.com/#/notes/3142092Permissions Required, Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory

Timeline

Published: Feb 9, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-22542?

How severe is CVE-2022-22542?

CVE-2022-22542 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 1.03% probability of exploitation in the next 30 days.

How do I fix CVE-2022-22542?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-22542?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST