PT-2022-4654 · SAP · SAP Enterprise Extension Defense Forces & Public Security

Published: 2022-05-24 · Updated: 2022-07-16 · CVE-2022-31592

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

SAP Enterprise Extension Defense Forces & Public Security versions 605 through 806

Description

The issue is related to authorization errors in the software. It does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges. This can lead to a limited impact on confidentiality. Exploitation of the issue may allow a remote attacker to elevate their privileges.

Recommendations

For versions 605 through 806, apply the necessary authorization checks to prevent escalation of privileges. As a temporary workaround, consider restricting network access to authenticated users until a proper fix is implemented.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

BDU:2022-05538
CVE-2022-31592

Affected Products

SAP Enterprise Extension Defense Forces & Public Security