CVE-2022-31589 vulnerability in SAP Products
Published on June 14, 2022
Due to an improper authorization check, business users of the Israeli File from SHAAM program (/ATL/VQ23 transaction) are granted more authorization than needed to perform certain transactions, which may lead to users getting access to data that would otherwise be restricted.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2022-31589 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2022-31589
Affected Versions
SAP SE SAP ERP, localization for CEE countries:
- Version C-CEE 110_600 is affected.
- Version 110_602 is affected.
- Version 110_603 is affected.
- Version 110_604 is affected.
- Version 110_700 is affected.
- Version SAP_FIN 618 is affected.
- Version 720 is affected.
- Version S4CORE 100 is affected.
- Version 101 is affected.
- Version 102 is affected.
- Version 103 is affected.
- Version 104 is affected.
- Version 105 is affected.
- Version 106 is affected.
- Version 107 is affected.
- Version 108 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.