CVE-2022-31592

2022-07-1220:26:34

CWE-862

sap

www.cve.org

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality.

CNA Affected

[
  {
    "product": "SAP Enterprise Extension Defense Forces & Public Security (EA-DFPS)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "605"
      },
      {
        "status": "affected",
        "version": "606"
      },
      {
        "status": "affected",
        "version": "616"
      },
      {
        "status": "affected",
        "version": "617"
      },
      {
        "status": "affected",
        "version": "618"
      },
      {
        "status": "affected",
        "version": "802"
      },
      {
        "status": "affected",
        "version": "803"
      },
      {
        "status": "affected",
        "version": "804"
      },
      {
        "status": "affected",
        "version": "805"
      },
      {
        "status": "affected",
        "version": "806"
      }
    ]
  }
]