Lucene search

[email protected]NVD:CVE-2022-39801

HistorySep 13, 2022 - 4:15 p.m.

CVE-2022-39801

2022-09-1316:15:09

CWE-287

[email protected]

web.nvd.nist.gov

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

37.0%

JSON

SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application.

Affected configurations

NVD

Node

sapaccess_controlMatch12

References

launchpad.support.sap.com/#/notes/3237075

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

37.0%

JSON

Related for NVD:CVE-2022-39801

prion1 cve1 cvelist1