CVE-2022-31597 vulnerability in SAP Products
Published on July 12, 2022
Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2022-31597 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2022-31597
stack.watch emails you whenever new vulnerabilities are published in SAP S4hana or Sapscore. Just hit a watch button to start following.
Affected Versions
SAP SE SAP S/4HANA:- Version S4CORE 101 is affected.
- Version 102 is affected.
- Version 103 is affected.
- Version 104 is affected.
- Version 105 is affected.
- Version 106 is affected.
- Version SAPSCORE 127 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.