CVE-2022-31589

Summary

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP ERP, localization for CEE countries.C-CEE 110_600affected
SAP SESAP ERP, localization for CEE countries.110_602affected
SAP SESAP ERP, localization for CEE countries.110_603affected
SAP SESAP ERP, localization for CEE countries.110_604affected
SAP SESAP ERP, localization for CEE countries.110_700affected
SAP SESAP FinancialsSAP_FIN 618affected
SAP SESAP Financials720affected
SAP SESAP S/4Hana CoreS4CORE 100affected
SAP SESAP S/4Hana Core101affected
SAP SESAP S/4Hana Core102affected
SAP SESAP S/4Hana Core103affected
SAP SESAP S/4Hana Core104affected
SAP SESAP S/4Hana Core105affected
SAP SESAP S/4Hana Core106affected
SAP SESAP S/4Hana Core107affected
SAP SESAP S/4Hana Core108affected

Weaknesses

  • CWE-863: CWE-863

ADP Enrichment

CVE Program Container

Additional References

References