CVE-2022-41212
Last modified
CVE-2022-41212 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application.. EPSS estimates a 0.76% chance of exploitation in the next 30 days.
Description
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Application Server Abap | 700 |
| Sap | Netweaver Application Server Abap | 731 |
| Sap | Netweaver Application Server Abap | 740 |
| Sap | Netweaver Application Server Abap | 750 |
| Sap | Netweaver Application Server Abap | 789 |
| Sap | Netweaver Application Server Abap | 804 |
References
- https://launchpad.support.sap.com/#/notes/3256571Permissions Required, Vendor Advisory
- https://launchpad.support.sap.com/#/notes/3256571Permissions Required, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-41212?
How severe is CVE-2022-41212?
How do I fix CVE-2022-41212?
Are you affected by CVE-2022-41212?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST