Lucene search

[email protected]NVD:CVE-2022-35293

HistoryAug 10, 2022 - 8:15 p.m.

CVE-2022-35293

2022-08-1020:15:53

CWE-862

[email protected]

web.nvd.nist.gov

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.002 Low

EPSS

Percentile

56.9%

JSON

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user’s account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application.

Affected configurations

NVD

Node

sapenable_now_managerMatch1.0

References

launchpad.support.sap.com/#/notes/3210566

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.002 Low

EPSS

Percentile

56.9%

JSON

Related for NVD:CVE-2022-35293

prion1 cvelist1 cve1