CVE-2022-22534

EPSS 0.8%

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

09 feb 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.

Productos afectados

SAP SE · SAP NetWeaver (ABAP and Java application Servers)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://launchpad.support.sap.com/#/notes/3124994 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html