CVE-2022-22531

🗓️ 14 Jan 2022 19:11:28Reported by sapType

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2022-22531	14 Jan 202220:15	–	attackerkb
CNNVD	SAP ERP 安全漏洞	11 Jan 202200:00	–	cnnvd
Cvelist	CVE-2022-22531	14 Jan 202219:11	–	cvelist
EUVD	EUVD-2022-27677	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	11 Jan 202200:00	–	ncsc
NCSC	Vulnerabilities fixed in SAP products	8 Feb 202200:00	–	ncsc
NVD	CVE-2022-22531	14 Jan 202220:15	–	nvd
Prion	Code injection	14 Jan 202220:15	–	prion
Positive Technologies	PT-2022-15501 · Sap · Sap S/4Hana	14 Jan 202200:00	–	ptsecurity
RedhatCVE	CVE-2022-22531	23 May 202500:44	–	redhatcve

NVD

Vulners

Node

sap s/4hanaMatch100

sap s/4hanaMatch101

sap s/4hanaMatch102

sap s/4hanaMatch103

sap s/4hanaMatch104

sap s/4hanaMatch105

sap s/4hanaMatch106

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP S/4HANA",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "100"
      },
      {
        "status": "affected",
        "version": "101"
      },
      {
        "status": "affected",
        "version": "102"
      },
      {
        "status": "affected",
        "version": "103"
      },
      {
        "status": "affected",
        "version": "104"
      },
      {
        "status": "affected",
        "version": "105"
      },
      {
        "status": "affected",
        "version": "106"
      }
    ]
  }
]

Source	Link
launchpad	www.launchpad.support.sap.com/
wiki	www.wiki.scn.sap.com/wiki/pages/viewpage.action

24 Feb 2026 20:22Current

8High risk

Vulners AI Score8

CVSS 25.5

CVSS 3.18.1

EPSS0.00373