← back
CVE-2022-35293

CVE-2022-35293

CVSS 9.1 CRITICALEPSS 0.6%CWE-862
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.1EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
09 Aug 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
SAP SE · SAP Enable Now Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/3210566https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html