Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2022-31597

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.

  • Published: Jul 12, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-31597
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.4
  • AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

Software From Fixed in
sap / s/4hana 101 101.x
sap / s/4hana 102 102.x
sap / s/4hana 103 103.x
sap / s/4hana 104 104.x
sap / s/4hana 105 105.x
sap / s/4hana 106 106.x
sap / sapscore 127 127.x