CVE-2022-22542 Information

Description

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role AND Enterprise Search for Customer Supplier and Business Partner objects exposes the private address fields of Employee Business Partners to an actor that is not explicitly authorized to have access to that information which could compromise Confidentiality.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://launchpad.support.sap.com/#/notes/3142092 https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5