VDB
CVE-2022-39801
CVE-2022-39801
PUBLISHED
CVSS 7.5 HIGH
SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application.
EPSS 0.40% · 61.3th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.40%
61.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sap | access_control | 12 |
| SAP SE | SAP GRC Access Control Emergency Access Management | V1100_700, V1200_750, V1100_731 |
Timeline
- Sep 13, 2022 CVE Published
- Sep 14, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 13, 2022 EPSS Score
- Jan 27, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 13, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jun 11, 2023 EPSS Score
- Jul 26, 2023 EPSS Score
- Sep 9, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
References
- https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=1&todaysdate=2022-09-14 advisory
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html url
- https://launchpad.support.sap.com/#/notes/3237075 url
- https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-39801 advisory