Sep 13, 2022 - 4:15 p.m.

CVE-2022-39801

2022-09-13 16:15:09
CWE-287
web.nvd.nist.gov
cve-2022-39801
sap grc
access control
emergency access management
vulnerability
authentication
compromise

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.4 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 36.8%)

SAP GRC Access Control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation, the attacker can gain access to an admin session and completely compromise the application.

Affected configurations

NVD
Node
sap access_control Match 12

CNA Affected

[
  {
    "product": "SAP GRC Access Control Emergency Access Management",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "V1100_700"
      },
      {
        "status": "affected",
        "version": "V1100_731"
      },
      {
        "status": "affected",
        "version": "V1200_750"
      }
    ]
  }
]
