CVE-2022-35293

Summary

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Enable Now Manager1.0affected

Weaknesses

  • CWE-862: CWE-862

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References