CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-29613

Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.1%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

https://launchpad.support.sap.com/#/notes/3164677
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3164677
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Products affected by CVE-2022-29613

Sap » Employee Self Service » Version: 605

cpe:2.3:a:sap:employee_self_service:605

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29613

Products

Pricing

Contact Us