Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3164677 | Permissions Required Vendor Advisory |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Information
Published : 2022-05-11 08:15
Updated : 2022-05-19 08:44
NVD link : CVE-2022-29613
Mitre link : CVE-2022-29613
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
sap
- employee_self_service