CVE-2022-41274

SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can lead to the exposure of data like financial reports.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:disclosure_management:10.1:*:*:*:*:*:*:*

History

21 Nov 2024, 07:22

Type Values Removed Values Added
References () https://launchpad.support.sap.com/#/notes/3266846 - Permissions Required, Vendor Advisory () https://launchpad.support.sap.com/#/notes/3266846 - Permissions Required, Vendor Advisory
References () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
Summary
  • (es) SAP Disclosure Management: versión 10.1, permite a un atacante autenticado explotar ciertos endpoints de aplicaciones mal configurados para leer datos confidenciales. Estos endpoints normalmente están expuestos a través de la red y una explotación exitosa puede llevar a la exposición de datos como informes financieros.

Information

Published : 2022-12-13 04:15

Updated : 2024-11-21 07:22


NVD link : CVE-2022-41274

Mitre link : CVE-2022-41274

CVE.ORG link : CVE-2022-41274


JSON object : View

Products Affected

sap

  • disclosure_management
CWE
CWE-863

Incorrect Authorization