PT-2022-3931 · SAP · SAP SuccessFactors Mobile +1

Published: 2022-07-12 · Updated: 2022-08-02 · CVE-2022-35291

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

SAP SuccessFactors (affected versions not specified)

Description

The issue is related to misconfigured application endpoints in SAP SuccessFactors attachment APIs, allowing attackers with user privileges to perform activities with admin privileges over the network. These APIs are used in the SF Mobile application for various modules, including Time Off, Time Sheet, EC Workflow, and Benefits. Successful exploitation can lead to an attacker being able to read and write attachments, compromising the confidentiality and integrity of the application. The vulnerability is also associated with inadequate access control in the implementation of these modules in the SAP SuccessFactors Mobile platform for Android and iOS operating systems, which can allow a remote attacker to elevate their privileges.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2022-04760
CVE-2022-35291

Affected Products

SAP SuccessFactors
SAP SuccessFactors Mobile