CVE-2022-41268

Published Dec 13, 2022

Last updated a year ago

CVSS high 7.5

Overview

Description: In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized transaction functionality. Under specific circumstances, a successful attack could enable an adversary to escalate their privileges to be able to read, change or delete system data.
Source: cna@sap.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 5.9
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

cna@sap.com: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:200:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "545A7B0D-B9E5-42AB-A81C-AC3C55E7ACDD"
          },
          {
            "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:300:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CB8F139-1227-4D4B-BDCF-7386D5F39FF3"
          },
          {
            "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:750:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F248836-5A9D-4DA8-9AAC-F71AD511DAF7"
          },
          {
            "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:751:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E9AD392-554A-4707-99F2-E9449E2232D6"
          },
          {
            "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:752:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60287C4F-7CA8-43B4-A054-5C63D5DA99BE"
          },
          {
            "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:753:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9A5ACFB-A152-445A-A5CD-33083DD726CD"
          },
          {
            "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:754:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B936DDDB-7B28-4A73-9A05-3BF403A9D95E"
          },
          {
            "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:755:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80834B1A-9FA7-4334-8D0F-6A0E001738A2"
          },
          {
            "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:756:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB2B93D3-F047-4318-ACAE-C16E5D515006"
          },
          {
            "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:757:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F55B649-4E0E-4D7A-89ED-B6313BBCA387"
          },
          {
            "criteria": "cpe:2.3:a:sap:business_planning_and_consolidation:810:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA754B06-A263-4B03-B350-96F507E2235B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References