Vulnerability Details CVE-2022-31589
Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2022-31589
-
cpe:2.3:a:sap:erp_financial_accounting:618
-
cpe:2.3:a:sap:erp_financial_accounting:720
-
cpe:2.3:a:sap:erp_localization_for_cee_countries:c-cee_110_600
-
cpe:2.3:a:sap:erp_localization_for_cee_countries:c-cee_110_602
-
cpe:2.3:a:sap:erp_localization_for_cee_countries:c-cee_110_603
-
cpe:2.3:a:sap:erp_localization_for_cee_countries:c-cee_110_604
-
cpe:2.3:a:sap:erp_localization_for_cee_countries:c-cee_110_700
-
cpe:2.3:a:sap:s/4hana:100
-
cpe:2.3:a:sap:s/4hana:101
-
cpe:2.3:a:sap:s/4hana:102
-
cpe:2.3:a:sap:s/4hana:103
-
cpe:2.3:a:sap:s/4hana:104
-
cpe:2.3:a:sap:s/4hana:105
-
cpe:2.3:a:sap:s/4hana:106
-
cpe:2.3:a:sap:s/4hana:107
-
cpe:2.3:a:sap:s/4hana:108