CVE-2022-39801

Summary

SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP GRC Access Control Emergency Access ManagementV1100_700affected
SAP SESAP GRC Access Control Emergency Access ManagementV1100_731affected
SAP SESAP GRC Access Control Emergency Access ManagementV1200_750affected

Weaknesses

  • CWE-287: CWE-287

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References