CVE-2022-22534

{"id": "CVE-2022-22534", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-02-09T23:15:18.533", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3124994", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application."}, {"lang": "es", "value": "Debido a una codificaci\u00f3n insuficiente de la entrada del usuario, SAP NetWeaver permite a un atacante no autenticado inyectar c\u00f3digo que puede exponer datos confidenciales como el ID de usuario y la contrase\u00f1a. Estos endpoints est\u00e1n normalmente expuestos a trav\u00e9s de la red y una explotaci\u00f3n con \u00e9xito puede impactar parcialmente la confidencialidad de la aplicaci\u00f3n"}], "lastModified": "2022-10-27T01:10:54.553", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver:700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7FED49E-6F9A-494A-9226-1059249960A0"}, {"criteria": "cpe:2.3:a:sap:netweaver:701:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4836C36D-242F-4818-81B4-C170959D02F5"}, {"criteria": "cpe:2.3:a:sap:netweaver:702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A503ABF-8655-40D7-96AD-2D7F19A673AE"}, {"criteria": "cpe:2.3:a:sap:netweaver:731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A9D5C5A-6963-438B-B0EA-2A621A34D8A9"}, {"criteria": "cpe:2.3:a:sap:netweaver:740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFFA1591-0304-4FAE-A6A7-72D04D1F41A3"}, {"criteria": "cpe:2.3:a:sap:netweaver:750:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7940A9AF-308E-4CE5-BA19-7A3DCF49F644"}, {"criteria": "cpe:2.3:a:sap:netweaver:751:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C09428E4-45BB-414D-9F3D-AA5C73D2DD5E"}, {"criteria": "cpe:2.3:a:sap:netweaver:752:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ED0BA7D-939D-4B05-81A3-9F991C8C04F9"}, {"criteria": "cpe:2.3:a:sap:netweaver:753:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C2BF545-A7DC-4BB6-B894-D04CF163DD88"}, {"criteria": "cpe:2.3:a:sap:netweaver:754:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A75B2F18-60BE-41B5-82CB-520F794F2004"}, {"criteria": "cpe:2.3:a:sap:netweaver:755:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E31620E5-30FC-4545-A430-AAA77A66B51A"}, {"criteria": "cpe:2.3:a:sap:netweaver:756:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9724E131-9893-4630-96A2-EB6032D98C58"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}