QwikSec

Security Database

CVE

CWE

Training

CVE-2022-22542

Published: Feb 9, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.

Vendor	Product	Versions
SAP SE	SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)	affected `104` affected `105` affected `106`

Weaknesses (CWE)

References

https://launchpad.support.sap.com/#/notes/3142092

x_refsource_MISC

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.