CVE-2022-26102

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.

Debido a una falta de comprobación de la autorización, SAP NetWeaver Application Server for ABAP - versiones 700, 701, 702, 731, permite a un atacante autenticado, acceder al contenido de la pantalla de inicio de cualquier transacción que esté disponible con en el mismo sistema SAP, incluso si él / ella no está autorizado para esa transacción. Una explotación con éxito podría exponer información y, en el peor de los casos, manipular datos antes de que sea ejecutada la pantalla de inicio, lo que tendría un impacto limitado en la confidencialidad e integridad de la aplicación

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-02-25 CVE Reserved
2022-03-08 CVE Published
2023-09-29 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-862: Missing Authorization

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10	2022-10-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				700 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "700"		-		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				701 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "701"		-		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				702 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "702"		-		Affected
Sap Search vendor "Sap"		Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap"				731 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "731"		-		Affected