CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-41273

Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. In order to perform this attack, the attacker sends an email to the victim with a manipulated link that appears to be a legitimate SAP Sourcing URL, since the victim doesn’t suspect the threat, they click on the link, log in to SAP Sourcing and CLM and at this point, they get redirected to a malicious website.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.4%

CVSS Severity

CVSS v3 Score 4.3

References

https://launchpad.support.sap.com/#/notes/3270399
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3270399
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Products affected by CVE-2022-41273

Sap » Contract Lifecycle Manager » Version: 1100

cpe:2.3:a:sap:contract_lifecycle_manager:1100
Sap » Sourcing » Version: 1100

cpe:2.3:a:sap:sourcing:1100

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-41273

Products

Pricing

Contact Us