CVE-2022-22542

{"id": "CVE-2022-22542", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-02-09T23:15:18.863", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3142092", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality."}, {"lang": "es", "value": "S/4HANA Supplier Factsheet expone la direcci\u00f3n privada y los datos bancarios de un Business Partner empleado con rol de proveedor, Y Enterprise Search for Customer, Supplier and Business Partner objects expone los campos de direcci\u00f3n privada de los Business Partners empleados, a un actor que no est\u00e1 expl\u00edcitamente autorizado a tener acceso a esa informaci\u00f3n, lo que podr\u00eda comprometer la Confidencialidad"}], "lastModified": "2022-10-26T13:57:50.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:s\\/4hana:104:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14A540DA-F234-4EEA-ADE8-4F6306A86C1E"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana:105:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "088EF501-76F9-44EC-B8B9-AED6F6096C03"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana:106:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0023602-B509-4B20-9B29-20EEE88E1692"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}