Lucene search

[email protected]NVD:CVE-2022-41275

HistoryDec 13, 2022 - 4:15 a.m.

CVE-2022-41275

2022-12-1304:15:25

CWE-601

[email protected]

web.nvd.nist.gov

sap

solution manager

unauthenticated attacker

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.4%

JSON

In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.

Affected configurations

Nvd

Node

sapsolution_managerMatch740

sapsolution_managerMatch750

VendorProductVersionCPE
sapsolution_manager740cpe:2.3:a:sap:solution_manager:740:*:*:*:*:*:*:*
sapsolution_manager750cpe:2.3:a:sap:solution_manager:750:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	solution_manager	740	cpe:2.3:a:sap:solution_manager:740:::::::*
sap	solution_manager	750	cpe:2.3:a:sap:solution_manager:750:::::::*

References

launchpad.support.sap.com/#/notes/3271313

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.4%

JSON

Related for NVD:CVE-2022-41275

cvelist1 cve1 prion1