CVE-2022-41212

Summary

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Application Server ABAP and ABAP Platform= 700affected
SAP SESAP NetWeaver Application Server ABAP and ABAP Platform= 731affected
SAP SESAP NetWeaver Application Server ABAP and ABAP Platform= 804affected
SAP SESAP NetWeaver Application Server ABAP and ABAP Platform= 740affected
SAP SESAP NetWeaver Application Server ABAP and ABAP Platform= 750affected
SAP SESAP NetWeaver Application Server ABAP and ABAP Platform= 789affected

Weaknesses

  • CWE-22: CWE-22

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References