S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3142092 | Permissions Required Vendor Advisory |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-02-09 15:15
Updated : 2022-10-26 06:57
NVD link : CVE-2022-22542
Mitre link : CVE-2022-22542
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
sap
- s\/4hana