Lucene search

[email protected]CVE-2022-41215

HistoryNov 08, 2022 - 10:15 p.m.

CVE-2022-41215

2022-11-0822:15:19

CWE-601

[email protected]

web.nvd.nist.gov

sap

netweaver

abap

server

platform

unauthenticated attacker

redirect

url validation

disclosure of personal information

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.7%

JSON

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

Affected configurations

NVD

Node

sapnetweaver_application_server_abapMatch700

sapnetweaver_application_server_abapMatch731

sapnetweaver_application_server_abapMatch740

sapnetweaver_application_server_abapMatch750

sapnetweaver_application_server_abapMatch789

CPENameOperatorVersion
sap:netweaver_application_server_abapsap netweaver application server abapeq700
sap:netweaver_application_server_abapsap netweaver application server abapeq731
sap:netweaver_application_server_abapsap netweaver application server abapeq740
sap:netweaver_application_server_abapsap netweaver application server abapeq750
sap:netweaver_application_server_abapsap netweaver application server abapeq789

CPE	Name	Operator	Version
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	700
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	731
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	740
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	750
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	789

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver ABAP Server and ABAP Platform",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "= 700"
      },
      {
        "status": "affected",
        "version": "= 731"
      },
      {
        "status": "affected",
        "version": "= 740"
      },
      {
        "status": "affected",
        "version": "= 750"
      },
      {
        "status": "affected",
        "version": "= 789"
      },
      {
        "status": "affected",
        "version": "= 701"
      },
      {
        "status": "affected",
        "version": "= 702"
      },
      {
        "status": "affected",
        "version": "= 751"
      },
      {
        "status": "affected",
        "version": "= 752"
      },
      {
        "status": "affected",
        "version": "= 753"
      },
      {
        "status": "affected",
        "version": "= 754"
      },
      {
        "status": "affected",
        "version": "= 755"
      },
      {
        "status": "affected",
        "version": "= 756"
      },
      {
        "status": "affected",
        "version": "= 757"
      },
      {
        "status": "affected",
        "version": "= 790"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3251202

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Social References

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.7%

JSON

Related for CVE-2022-41215

prion1 nvd1 cvelist1 nessus1