CVE-2022-41214

Summary

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Application Server ABAP and ABAP Platform= 700affected
SAP SESAP NetWeaver Application Server ABAP and ABAP Platform= 731affected
SAP SESAP NetWeaver Application Server ABAP and ABAP Platform= 804affected
SAP SESAP NetWeaver Application Server ABAP and ABAP Platform= 740affected
SAP SESAP NetWeaver Application Server ABAP and ABAP Platform= 750affected
SAP SESAP NetWeaver Application Server ABAP and ABAP Platform= 789affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References