PT-2022-6133 · SAP · SAP Disclosure Management

Published: 2022-12-12 · Updated: 2023-01-10 · CVE-2022-41274

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP Disclosure Management version 10.1

Description

The issue allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data, such as financial reports. These endpoints are normally exposed over the network, and successful exploitation can lead to the exposure of sensitive information. The vulnerability is related to authorization errors, which can allow a remote attacker to gain unauthorized access to protected information.

Recommendations

For SAP Disclosure Management version 10.1, consider restricting access to the misconfigured application endpoints to minimize the risk of exploitation. As a temporary workaround, review and correct the configuration of these endpoints to prevent unauthorized access. Ensure that all endpoints are properly secured and only accessible to authorized personnel. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-00148
CVE-2022-41274

Affected Products

SAP Disclosure Management