Lucene search

K
cvelistSapCVELIST:CVE-2022-29613
HistoryMay 11, 2022 - 2:57 p.m.

CVE-2022-29613

2022-05-1114:57:56
CWE-20
sap
www.cve.org

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.

CNA Affected

[
  {
    "product": "SAP Employee Self Service (Fiori My Leave Request)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "605"
      }
    ]
  }
]

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

Related for CVELIST:CVE-2022-29613