CVE-2022-29613

Summary

Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Employee Self Service (Fiori My Leave Request)605affected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

References