CVE-2022-22531
N/A
N/A
Summary
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP S/4HANA | 100 | affected |
| SAP SE | SAP S/4HANA | 101 | affected |
| SAP SE | SAP S/4HANA | 102 | affected |
| SAP SE | SAP S/4HANA | 103 | affected |
| SAP SE | SAP S/4HANA | 104 | affected |
| SAP SE | SAP S/4HANA | 105 | affected |
| SAP SE | SAP S/4HANA | 106 | affected |
Weaknesses
- Cross-Site Scripting
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/3112928
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035
References
- https://launchpad.support.sap.com/#/notes/3112928
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.