CVE-2022-22530

Published on: 01/14/2022 12:00:00 AM UTC

Last Modified on: 01/14/2022 09:37:00 PM UTC

null

Certain versions of SAP S/4HANA from SAP SE contain the following vulnerability:

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.

CVE References

Description Tags Link
SAP Security Patch Day – January 2022 - Product Security Response at SAP - Community Wiki wiki.scn.sap.com
text/html
URL Logo MISC wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035
No Description Provided launchpad.support.sap.com
text/html
URL Logo MISC launchpad.support.sap.com/#/notes/3112928

Known Affected Software

Vendor Product Version
SAP SE SAP_S/4HANA 100
SAP SE SAP_S/4HANA 101
SAP SE SAP_S/4HANA 102
SAP SE SAP_S/4HANA 103
SAP SE SAP_S/4HANA 104
SAP SE SAP_S/4HANA 105
SAP SE SAP_S/4HANA 106

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2022-22530 : The F0743 Create Single Payment application of #SAP S/4HANA - versions 100, 101, 102, 103, 104, 10… twitter.com/i/web/status/1… 2022-01-14 20:08:54
Twitter Icon @SecRiskRptSME RT: CVE-2022-22530 The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104,… twitter.com/i/web/status/1… 2022-01-15 08:33:52
© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report