CVE-2022-31597 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-31597 PUBLISHED CVSS 5.5 MEDIUM

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.

EPSS 0.14% · 34.6th percentile

Risk Scores

CVSS v2.0

5.5

EPSS Score

0.14%

34.6th percentile

Affected Products

Vendor	Product	Versions
sap	s\/4hana	101, 102, 103
SAP SE	SAP S/4HANA	SAPSCORE 127, S4CORE 101, 102
sap	sapscore	127

Timeline

Jul 12, 2022 CVE Published
Jul 13, 2022 EPSS Score
Aug 30, 2022 EPSS Score
Oct 15, 2022 EPSS Score
Dec 1, 2022 EPSS Score
Jan 16, 2023 EPSS Score
Mar 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 19, 2023 EPSS Score
Jun 5, 2023 EPSS Score
Jul 21, 2023 EPSS Score
Sep 6, 2023 EPSS Score

References

Open in Interactive Console →