CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-31589
https://notcve.org/view.php?id=CVE-2022-31589
14 Jun 2022 — Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted. Debido a una comprobación inapropiada de la autorización, a los usuarios de la empresa usando el programa Israeli File from SHAAM (transacción /ATL/VQ23), les es concedida más autorización de la necesaria para llevar a cabo determi... • https://launchpad.support.sap.com/#/notes/3203065 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22542
https://notcve.org/view.php?id=CVE-2022-22542
09 Feb 2022 — S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality. S/4HANA Supplier Factsheet expone la dirección privada y los datos bancarios de un Business Partner empleado con rol de provee... • https://launchpad.support.sap.com/#/notes/3142092 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-22531
https://notcve.org/view.php?id=CVE-2022-22531
14 Jan 2022 — The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified. La aplicación F0743 Create Single Payment de SAP S/4HANA - versiones 100, 101, 102, 103, 104, 105, 106, no comprueba los archivos cargados o descargados. Esto permite a un atacante con derechos de usuario básicos ejecutar... • https://launchpad.support.sap.com/#/notes/3112928 •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-22530
https://notcve.org/view.php?id=CVE-2022-22530
14 Jan 2022 — The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application. La aplicación F0743 Create Single Payment de SAP S/4HANA - versiones 100, 101, 102, 103, 104, 105, 106, no comprueba los archivos cargados o descarga... • https://launchpad.support.sap.com/#/notes/3112928 •