CVE-2022-22530
N/A
N/A
Summary
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP S/4HANA | 100 | affected |
| SAP SE | SAP S/4HANA | 101 | affected |
| SAP SE | SAP S/4HANA | 102 | affected |
| SAP SE | SAP S/4HANA | 103 | affected |
| SAP SE | SAP S/4HANA | 104 | affected |
| SAP SE | SAP S/4HANA | 105 | affected |
| SAP SE | SAP S/4HANA | 106 | affected |
Weaknesses
- Code Injection
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/3112928
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035
References
- https://launchpad.support.sap.com/#/notes/3112928
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.