Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2022-22542

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.

  • Published: Feb 10, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-22542
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
sap / s/4hana 104 104.x
sap / s/4hana 105 105.x
sap / s/4hana 106 106.x