← back
CVE-2022-29613

CVE-2022-29613

EPSS 0.7%CWE-20
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 May 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.
Affected products
SAP SE · SAP Employee Self Service (Fiori My Leave Request)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/3164677https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html