CVE-2022-22542

Name of the Vulnerable Software and Affected Versions S/4HANA (affected versions not specified)

Description The issue concerns the exposure of private address and bank details of an Employee Business Partner with Supplier Role through the S/4HANA Supplier Factsheet, as well as the exposure of private address fields of Employee Business Partners through Enterprise Search for Customer, Supplier, and Business Partner objects. This exposure occurs to actors not explicitly authorized to have access to this information, potentially compromising confidentiality.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.