VDB
CVE-2022-22540
CVE-2022-22540
PUBLISHED
CVSS 7.5 HIGH
SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible.
EPSS 0.37% · 58.9th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.37%
58.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sap | netweaver_application_server_abap | 753, 701, 731 |
| SAP SE | SAP NetWeaver AS ABAP (Workplace Server) | 701, 702, 740 |
Exploit Intelligence
- https://launchpad.support.sap.com/#/notes/3140587 (circl)
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (circl)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
…and 137 more exploits
Timeline
- Jun 28, 2021 PoC Published
- Dec 11, 2021 PoC Published
- Dec 13, 2021 PoC Published
- Dec 18, 2021 PoC Published
- Feb 8, 2022 CVE Published
- Feb 10, 2022 EPSS Score
- Apr 3, 2022 EPSS Score
- May 26, 2022 EPSS Score
- Jun 7, 2022 PoC Published
- Jul 18, 2022 EPSS Score
- Sep 9, 2022 EPSS Score
- Sep 16, 2022 PoC Published