Lucene search

K
cve[email protected]CVE-2022-41215
HistoryNov 08, 2022 - 10:15 p.m.

CVE-2022-41215

2022-11-0822:15:19
CWE-601
web.nvd.nist.gov
40
6
sap
netweaver
abap
server
platform
unauthenticated attacker
redirect
url validation
disclosure of personal information

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.4%

SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

Affected configurations

NVD
Node
sapnetweaver_application_server_abapMatch700
OR
sapnetweaver_application_server_abapMatch731
OR
sapnetweaver_application_server_abapMatch740
OR
sapnetweaver_application_server_abapMatch750
OR
sapnetweaver_application_server_abapMatch789

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver ABAP Server and ABAP Platform",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "= 700"
      },
      {
        "status": "affected",
        "version": "= 731"
      },
      {
        "status": "affected",
        "version": "= 740"
      },
      {
        "status": "affected",
        "version": "= 750"
      },
      {
        "status": "affected",
        "version": "= 789"
      },
      {
        "status": "affected",
        "version": "= 701"
      },
      {
        "status": "affected",
        "version": "= 702"
      },
      {
        "status": "affected",
        "version": "= 751"
      },
      {
        "status": "affected",
        "version": "= 752"
      },
      {
        "status": "affected",
        "version": "= 753"
      },
      {
        "status": "affected",
        "version": "= 754"
      },
      {
        "status": "affected",
        "version": "= 755"
      },
      {
        "status": "affected",
        "version": "= 756"
      },
      {
        "status": "affected",
        "version": "= 757"
      },
      {
        "status": "affected",
        "version": "= 790"
      }
    ]
  }
]

Social References

More

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.4%

Related for CVE-2022-41215