CVE-2022-41264

Published Dec 13, 2022

Last updated a year ago

CVSS high 8.8

Overview

Description: Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker. On successful exploitation the attacker can have full control of the system to which the class belongs, causing a high impact on the integrity of the application.
Source: cna@sap.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

cna@sap.com: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:basis:7.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AC2D764-A795-4FBC-95AF-D212B8E51991"
          },
          {
            "criteria": "cpe:2.3:a:sap:basis:7.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B469CB1A-3AF3-4824-A185-A46A63DBABBE"
          },
          {
            "criteria": "cpe:2.3:a:sap:basis:7.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56852389-A9A8-42DB-A471-10C1990502FF"
          },
          {
            "criteria": "cpe:2.3:a:sap:basis:7.51:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "594CB284-78FF-491F-BAF6-390E7D4D5DBE"
          },
          {
            "criteria": "cpe:2.3:a:sap:basis:7.52:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7ACA030-9C6A-47D3-A7D9-899753870241"
          },
          {
            "criteria": "cpe:2.3:a:sap:basis:7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "893979E3-40EB-4847-A39B-F548F3000F89"
          },
          {
            "criteria": "cpe:2.3:a:sap:basis:7.54:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "977F2126-AB92-47D0-B7D4-314D468AC497"
          },
          {
            "criteria": "cpe:2.3:a:sap:basis:7.55:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE7ABA91-2E83-4135-B543-C4BC04E67BA1"
          },
          {
            "criteria": "cpe:2.3:a:sap:basis:7.56:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7881EFCE-EA98-4513-BBE2-B1728D3EBE61"
          },
          {
            "criteria": "cpe:2.3:a:sap:basis:7.57:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E924B0F0-B319-4B8A-8436-4A9E4657D5AB"
          },
          {
            "criteria": "cpe:2.3:a:sap:basis:7.89:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "400C963C-15B3-45DC-BF72-1AD59099DB87"
          },
          {
            "criteria": "cpe:2.3:a:sap:basis:7.90:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E13804DE-69D3-4F43-BC97-5BE7D79854E5"
          },
          {
            "criteria": "cpe:2.3:a:sap:basis:7.91:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9076C5C4-CE37-4D6D-B271-DB41166C1337"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References