CVE-2022-22542

Summary

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)104affected
SAP SESAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)105affected
SAP SESAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)106affected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

References