CVE-2022-28771 — Vulnetix

CVE-2022-28771 PUBLISHED CVSS 7.5 HIGH

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible.

EPSS 0.67% · 71.6th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.67%

71.6th percentile

Affected Products

Vendor	Product	Versions
SAP SE	SAP Business One License service API	10.0
sap	business_one_license_service_api	10.0

Timeline

Jul 12, 2022 CVE Published
Jul 13, 2022 EPSS Score
Aug 30, 2022 EPSS Score
Oct 16, 2022 EPSS Score
Dec 2, 2022 EPSS Score
Jan 18, 2023 EPSS Score
Mar 6, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 22, 2023 EPSS Score
Jul 25, 2023 EPSS Score
Sep 10, 2023 EPSS Score
Oct 27, 2023 EPSS Score

References

https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html url
https://launchpad.support.sap.com/#/notes/3157613 url
https://nvd.nist.gov/vuln/detail/CVE-2022-28771 advisory

Open in Interactive Console →