CVE-2022-31595

Published Jun 14, 2022

Last updated a year ago

CVSS high 8.8

Overview

Description: SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Source: cna@sap.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

cna@sap.com: CWE-862
nvd@nist.gov: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:kernel_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3CD2B89-529A-42AF-9D95-B941FE4AD3AB"
          },
          {
            "criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:kernel_7.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F14F52D-ED6A-41B5-A61B-6461798ADDD5"
          },
          {
            "criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:kernel_7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A63B82A1-55BF-4913-86BE-9121D56797AA"
          },
          {
            "criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:krnl64nuc_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C904D299-C399-476D-BE9E-56DAC7B1E718"
          },
          {
            "criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBBBDB1C-4239-41A4-B034-E53CD1F69A9E"
          },
          {
            "criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:krnl64nuc_7.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "840625C4-5559-4AF1-ACE0-6707D24C7B46"
          },
          {
            "criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:krnl64uc_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1249F7C9-B1B6-416C-BE53-F3D287CB0BC1"
          },
          {
            "criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:krnl64uc_7.22ext:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8CE737A-756A-4C35-AB42-3FAD29EFDCC2"
          },
          {
            "criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:krnl64uc_7.49:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0A159CF-3B10-4128-BF63-4503F808525E"
          },
          {
            "criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:krnl64uc_7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC060328-4D15-4EFB-A9E0-E085C9B18B86"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References