Lucene search

SapCVELIST:CVE-2022-41205

HistoryNov 08, 2022 - 12:00 a.m.

CVE-2022-41205

2022-11-0800:00:00

CWE-94

sap

www.cve.org

sap gui

authenticated attacker

script execution

local network

registries

confidentiality

availability

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H

0.0004 Low

EPSS

Percentile

12.6%

JSON

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP GUI for Windows",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "= 7.70"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3237251

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2022-41205