Lucene search

SapCVELIST:CVE-2022-41207

HistoryNov 08, 2022 - 12:00 a.m.

CVE-2022-41207

2022-11-0800:00:00

CWE-601

sap

www.cve.org

sap biller direct

unauthenticated attacker

legitimate looking url

unsensitized parameter

malicious site

disclosure

modification

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.7%

JSON

SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker’s choosing which can result in disclosure or modification of the victim’s information.

CNA Affected

[
  {
    "vendor": "SAP SE",
    "product": "SAP Biller Direct",
    "versions": [
      {
        "version": "= 635",
        "status": "affected"
      },
      {
        "version": "= 750",
        "status": "affected"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3238042

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.7%

JSON

Related for CVELIST:CVE-2022-41207