Lucene search

[email protected]NVD:CVE-2022-41207

HistoryNov 08, 2022 - 10:15 p.m.

CVE-2022-41207

2022-11-0822:15:17

CWE-601

[email protected]

web.nvd.nist.gov

sap biller direct

unauthenticated

url redirect

vulnerability

disclosure

modification

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.7%

JSON

SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker’s choosing which can result in disclosure or modification of the victim’s information.

Affected configurations

NVD

Node

sapbiller_directMatch635

sapbiller_directMatch750

References

launchpad.support.sap.com/#/notes/3238042

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.7%

JSON

Related for NVD:CVE-2022-41207

cve1 prion1 cvelist1