Lucene search

K
cvelistSapCVELIST:CVE-2022-29613
HistoryMay 11, 2022 - 2:57 p.m.

CVE-2022-29613

2022-05-1114:57:56
CWE-20
sap
www.cve.org
sap employee self service
input validation
authenticated attacker
employee number alteration
confidentiality impact

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

22.7%

Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.

CNA Affected

[
  {
    "product": "SAP Employee Self Service (Fiori My Leave Request)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "605"
      }
    ]
  }
]

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

22.7%

Related for CVELIST:CVE-2022-29613