CVE-2022-22530

Name of the Vulnerable Software and Affected Versions SAP S/4HANA versions 100 through 106

Description The F0743 Create Single Payment application does not check uploaded or downloaded files, allowing an attacker with basic user rights to inject dangerous content or malicious code. This could result in critical information being modified or completely compromise the availability of the application.

Recommendations For versions 100 through 106, consider implementing file checking mechanisms for uploaded and downloaded files to prevent malicious code injection. As a temporary workaround, restrict access to file uploads and downloads to minimize the risk of exploitation.