Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-41261 (GCVE-0-2022-41261)
Vulnerability from cvelistv5 – Published: 2022-12-12 21:24 – Updated: 2025-04-22 14:39
VLAI
EPSS
Summary
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.
Severity
6 (Medium)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP | Solution Manager (Diagnostic Agent) |
Affected:
7.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:42:43.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3265173"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T14:39:28.373751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T14:39:41.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Solution Manager (Diagnostic Agent)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "7.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized."
}
],
"value": "SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-12T23:17:06.757Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/3265173"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-41261",
"datePublished": "2022-12-12T21:24:53.439Z",
"dateReserved": "2022-09-21T16:20:14.947Z",
"dateUpdated": "2025-04-22T14:39:41.529Z",
"requesterUserId": "048f1e0a-8756-40de-bd1f-51292c7183c7",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-41261",
"date": "2026-05-25",
"epss": "0.00046",
"percentile": "0.14421"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF78CCAF-7998-4C44-AA4D-B443DBEDAB00\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.\"}, {\"lang\": \"es\", \"value\": \"SAP Solution Manager (Diagnostic Agent): versi\\u00f3n 7.20, permite que un atacante autenticado en un sistema Windows acceda a un archivo que contiene datos confidenciales que se pueden usar para acceder a un archivo de configuraci\\u00f3n que contiene credenciales para acceder a otros archivos del sistema. Una explotaci\\u00f3n exitosa puede hacer que el atacante acceda a archivos y sistemas para los que no est\\u00e1 autorizado.\"}]",
"id": "CVE-2022-41261",
"lastModified": "2024-11-21T07:22:56.140",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@sap.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
"published": "2022-12-12T22:15:10.250",
"references": "[{\"url\": \"https://launchpad.support.sap.com/#/notes/3265173\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/3265173\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cna@sap.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-41261\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2022-12-12T22:15:10.250\",\"lastModified\":\"2024-11-21T07:22:56.140\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.\"},{\"lang\":\"es\",\"value\":\"SAP Solution Manager (Diagnostic Agent): versi\u00f3n 7.20, permite que un atacante autenticado en un sistema Windows acceda a un archivo que contiene datos confidenciales que se pueden usar para acceder a un archivo de configuraci\u00f3n que contiene credenciales para acceder a otros archivos del sistema. Una explotaci\u00f3n exitosa puede hacer que el atacante acceda a archivos y sistemas para los que no est\u00e1 autorizado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF78CCAF-7998-4C44-AA4D-B443DBEDAB00\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/3265173\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/3265173\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://launchpad.support.sap.com/#/notes/3265173\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:42:43.976Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41261\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T14:39:28.373751Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T14:39:35.147Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SAP\", \"product\": \"Solution Manager (Diagnostic Agent)\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.20\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://launchpad.support.sap.com/#/notes/3265173\"}, {\"url\": \"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284\"}]}], \"providerMetadata\": {\"orgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"shortName\": \"sap\", \"dateUpdated\": \"2022-12-12T23:17:06.757Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-41261\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-22T14:39:41.529Z\", \"dateReserved\": \"2022-09-21T16:20:14.947Z\", \"assignerOrgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"datePublished\": \"2022-12-12T21:24:53.439Z\", \"requesterUserId\": \"048f1e0a-8756-40de-bd1f-51292c7183c7\", \"assignerShortName\": \"sap\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2022-AVI-1101
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Sourcing and SAP Contract Lifecycle Management version 1100 | ||
| SAP | N/A | SAP Business Objects Business Intelligence Platform (Web intelligence) versions 420, 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420, 430 | ||
| SAP | N/A | SAP Commerce Webservices 2.0 (Swagger UI) versions 1905, 2005, 2105, 2011, 2205 | ||
| SAP | N/A | SAP NetWeaver Process Integration version 7.50 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Program Objects) versions 420, 430 | ||
| SAP | N/A | SAP NetWeaver AS pour Java (Http Provider Service) version 7.50 | ||
| SAP | N/A | SAP Solution Manager (Diagnostic Agent) version 7.20 | ||
| SAP | N/A | SAP Commerce versions 1905, 2005, 2105, 2011, 2205 | ||
| SAP | N/A | SAP Solution Manager (Enterprise Search) versions 740, 750 | ||
| SAP | N/A | SAP Disclosure Management version 10.1 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0, 7.70 | ||
| SAP | N/A | SAP NetWeaver AS ABAP (Business ServerPages Test Application IT00) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 | ||
| SAP | N/A | SAPUI5 versions 754, 755, 756, 757 | ||
| SAP | N/A | SAP Business Planning et Consolidation versions SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 8103229132 | ||
| SAP | N/A | SAPBASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791 | ||
| SAP | N/A | SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750-757, 789, 790 | ||
| SAP | N/A | SAPUI5 CLIENT RUNTIME versions 600, 700, 800, 900, 1000 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Sourcing and SAP Contract Lifecycle Management version 1100",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Objects Business Intelligence Platform (Web intelligence) versions 420, 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce Webservices 2.0 (Swagger UI) versions 1905, 2005, 2105, 2011, 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Process Integration version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Program Objects) versions 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS pour Java (Http Provider Service) version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Solution Manager (Diagnostic Agent) version 7.20",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 1905, 2005, 2105, 2011, 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Solution Manager (Enterprise Search) versions 740, 750",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Disclosure Management version 10.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0, 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP (Business ServerPages Test Application IT00) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions 754, 755, 756, 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Planning et Consolidation versions SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 8103229132",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPBASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750-757, 789, 790",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 CLIENT RUNTIME versions 600, 700, 800, 900, 1000",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41266"
},
{
"name": "CVE-2022-41273",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41273"
},
{
"name": "CVE-2022-41272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41272"
},
{
"name": "CVE-2022-41263",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41263"
},
{
"name": "CVE-2022-41261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41261"
},
{
"name": "CVE-2022-41264",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41264"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2022-41268",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41268"
},
{
"name": "CVE-2022-41275",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41275"
},
{
"name": "CVE-2022-41271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41271"
},
{
"name": "CVE-2020-6215",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6215"
},
{
"name": "CVE-2022-39013",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39013"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-41262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41262"
},
{
"name": "CVE-2022-41215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41215"
},
{
"name": "CVE-2022-41274",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41274"
},
{
"name": "CVE-2022-41267",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41267"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1101",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 13 d\u00e9cembre 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026todaysdate=2022-12-14"
}
]
}
CERTFR-2022-AVI-1101
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Sourcing and SAP Contract Lifecycle Management version 1100 | ||
| SAP | N/A | SAP Business Objects Business Intelligence Platform (Web intelligence) versions 420, 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420, 430 | ||
| SAP | N/A | SAP Commerce Webservices 2.0 (Swagger UI) versions 1905, 2005, 2105, 2011, 2205 | ||
| SAP | N/A | SAP NetWeaver Process Integration version 7.50 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Program Objects) versions 420, 430 | ||
| SAP | N/A | SAP NetWeaver AS pour Java (Http Provider Service) version 7.50 | ||
| SAP | N/A | SAP Solution Manager (Diagnostic Agent) version 7.20 | ||
| SAP | N/A | SAP Commerce versions 1905, 2005, 2105, 2011, 2205 | ||
| SAP | N/A | SAP Solution Manager (Enterprise Search) versions 740, 750 | ||
| SAP | N/A | SAP Disclosure Management version 10.1 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0, 7.70 | ||
| SAP | N/A | SAP NetWeaver AS ABAP (Business ServerPages Test Application IT00) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 | ||
| SAP | N/A | SAPUI5 versions 754, 755, 756, 757 | ||
| SAP | N/A | SAP Business Planning et Consolidation versions SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 8103229132 | ||
| SAP | N/A | SAPBASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791 | ||
| SAP | N/A | SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750-757, 789, 790 | ||
| SAP | N/A | SAPUI5 CLIENT RUNTIME versions 600, 700, 800, 900, 1000 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Sourcing and SAP Contract Lifecycle Management version 1100",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Objects Business Intelligence Platform (Web intelligence) versions 420, 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce Webservices 2.0 (Swagger UI) versions 1905, 2005, 2105, 2011, 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Process Integration version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Program Objects) versions 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS pour Java (Http Provider Service) version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Solution Manager (Diagnostic Agent) version 7.20",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 1905, 2005, 2105, 2011, 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Solution Manager (Enterprise Search) versions 740, 750",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Disclosure Management version 10.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0, 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP (Business ServerPages Test Application IT00) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions 754, 755, 756, 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Planning et Consolidation versions SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 8103229132",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPBASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750-757, 789, 790",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 CLIENT RUNTIME versions 600, 700, 800, 900, 1000",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41266"
},
{
"name": "CVE-2022-41273",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41273"
},
{
"name": "CVE-2022-41272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41272"
},
{
"name": "CVE-2022-41263",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41263"
},
{
"name": "CVE-2022-41261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41261"
},
{
"name": "CVE-2022-41264",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41264"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2022-41268",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41268"
},
{
"name": "CVE-2022-41275",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41275"
},
{
"name": "CVE-2022-41271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41271"
},
{
"name": "CVE-2020-6215",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6215"
},
{
"name": "CVE-2022-39013",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39013"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-41262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41262"
},
{
"name": "CVE-2022-41215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41215"
},
{
"name": "CVE-2022-41274",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41274"
},
{
"name": "CVE-2022-41267",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41267"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1101",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 13 d\u00e9cembre 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026todaysdate=2022-12-14"
}
]
}
BDU:2023-00151
Vulnerability from fstec - Published: 13.12.2022
VLAI
Title
Уязвимость инструмента Diagnostics Agent платформы управления программными средами SAP Solution Manager операционных систем Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Description
Уязвимость инструмента Diagnostics Agent платформы управления программными средами SAP Solution Manager операционных систем Windows связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой информации
Severity
Vendor
SAP
Software Name
SAP Solution Manager
Software Version
7.20 (SAP Solution Manager)
Possible Mitigations
Использование рекомендаций:
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Reference
https://launchpad.support.sap.com/#/notes/3265173
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://nvd.nist.gov/vuln/detail/CVE-2022-41261
CWE
CWE-284
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "SAP",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.20 (SAP Solution Manager)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.12.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.01.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.01.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-00151",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-41261",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SAP Solution Manager",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 Diagnostics Agent \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u043c\u0438 \u0441\u0440\u0435\u0434\u0430\u043c\u0438 SAP Solution Manager \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 Diagnostics Agent \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u043c\u0438 \u0441\u0440\u0435\u0434\u0430\u043c\u0438 SAP Solution Manager \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://launchpad.support.sap.com/#/notes/3265173 \nhttps://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41261",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)"
}
FKIE_CVE-2022-41261
Vulnerability from fkie_nvd - Published: 2022-12-12 22:15 - Updated: 2024-11-21 07:22
Severity
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.
References
| URL | Tags | ||
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3265173 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3265173 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | solution_manager | 7.20 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "AF78CCAF-7998-4C44-AA4D-B443DBEDAB00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized."
},
{
"lang": "es",
"value": "SAP Solution Manager (Diagnostic Agent): versi\u00f3n 7.20, permite que un atacante autenticado en un sistema Windows acceda a un archivo que contiene datos confidenciales que se pueden usar para acceder a un archivo de configuraci\u00f3n que contiene credenciales para acceder a otros archivos del sistema. Una explotaci\u00f3n exitosa puede hacer que el atacante acceda a archivos y sistemas para los que no est\u00e1 autorizado."
}
],
"id": "CVE-2022-41261",
"lastModified": "2024-11-21T07:22:56.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0,
"source": "cna@sap.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-12T22:15:10.250",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3265173"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3265173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "cna@sap.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-9G32-7V2H-HJ2X
Vulnerability from github – Published: 2022-12-13 00:30 – Updated: 2022-12-15 18:30
VLAI
Details
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.
Severity
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2022-41261"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-12T22:15:00Z",
"severity": "MODERATE"
},
"details": "SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.",
"id": "GHSA-9g32-7v2h-hj2x",
"modified": "2022-12-15T18:30:25Z",
"published": "2022-12-13T00:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41261"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3265173"
},
{
"type": "WEB",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2022-41261
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-41261",
"id": "GSD-2022-41261"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-41261"
],
"details": "SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.",
"id": "GSD-2022-41261",
"modified": "2023-12-13T01:19:33.122819Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-41261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solution Manager (Diagnostic Agent)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized."
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-284",
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3265173",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3265173"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-41261"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3265173",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3265173"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-07-10T18:24Z",
"publishedDate": "2022-12-12T22:15Z"
}
}
}
WID-SEC-W-2022-2290
Vulnerability from csaf_certbund - Published: 2022-12-12 23:00 - Updated: 2023-05-31 22:00Summary
SAP Patchday Dezember 2022
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff: Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in der SAP-Software ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme: - UNIX
- Linux
- MacOS X
- Windows
- Sonstiges
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht öffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates für diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in der SAP-Software ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- MacOS X\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2290 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2290.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2290 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2290"
},
{
"category": "external",
"summary": "SAP Patchday December 2022 vom 2022-12-12",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=10"
}
],
"source_lang": "en-US",
"title": "SAP Patchday Dezember 2022",
"tracking": {
"current_release_date": "2023-05-31T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:39:42.216+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2290",
"initial_release_date": "2022-12-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-05-31T22:00:00.000+00:00",
"number": "2",
"summary": "CVE Nummern erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T016476",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-42889",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-42889"
},
{
"cve": "CVE-2022-41275",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41275"
},
{
"cve": "CVE-2022-41274",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41274"
},
{
"cve": "CVE-2022-41273",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41273"
},
{
"cve": "CVE-2022-41272",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41272"
},
{
"cve": "CVE-2022-41271",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41271"
},
{
"cve": "CVE-2022-41268",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41268"
},
{
"cve": "CVE-2022-41267",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41267"
},
{
"cve": "CVE-2022-41266",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41266"
},
{
"cve": "CVE-2022-41264",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41264"
},
{
"cve": "CVE-2022-41263",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41263"
},
{
"cve": "CVE-2022-41262",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41262"
},
{
"cve": "CVE-2022-41261",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41261"
},
{
"cve": "CVE-2022-41215",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-41215"
},
{
"cve": "CVE-2022-39013",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-39013"
},
{
"cve": "CVE-2022-35737",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-35737"
},
{
"cve": "CVE-2022-35299",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-35299"
},
{
"cve": "CVE-2022-32240",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-32240"
},
{
"cve": "CVE-2022-32235",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2022-32235"
},
{
"cve": "CVE-2020-6215",
"notes": [
{
"category": "description",
"text": "In den folgenden SAP-Anwendungskomponenten bestehen mehrere Schwachstellen, die nicht \u00f6ffentlich beschrieben wurden: SAP BusinessObjects Business Intelligence Platform, NetWeaver Process Integration, Commerce, BASIS, Business Planning and Consolidation, Disclosure Management, NetWeaver AS for Java, Solution Manager, Sourcing und Contract Lifecycle Management. Beschreibungen und Updates f\u00fcr diese Schwachstellen finden Sie in den SAP-Sicherheitshinweisen. Um einige dieser Schwachstellen auszunutzen, sind Benutzerinteraktion oder privilegierte Rechte erforderlich."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2022-12-12T23:00:00.000+00:00",
"title": "CVE-2020-6215"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…