CVE-2022-39801
https://notcve.org/view.php?id=CVE-2022-39801
SAP GRC Access Control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to an admin session and completely compromise the application.
• https://launchpad.support.sap.com/#/notes/3237075
• https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
• CWE-287: Improper Authentication
CVE-2021-44233
https://notcve.org/view.php?id=CVE-2021-44233
SAP GRC Access Control, versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges.
• https://launchpad.support.sap.com/#/notes/3080816
• https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
• CWE-862: Missing Authorization