Lucene search

SapCVELIST:CVE-2022-41275

HistoryDec 13, 2022 - 3:14 a.m.

CVE-2022-41275

2022-12-1303:14:09

CWE-601

sap

www.cve.org

sap

solution manager

security

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Solution Manager (Enterprise Search)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "740"
      },
      {
        "status": "affected",
        "version": "750"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3271313

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Related for CVELIST:CVE-2022-41275