Published: 13/12/2022 Updated: 07/11/2023

CVSS v3 Base Score: 8.6 | Impact Score: 4.7 | Exploitability Score: 3.9

VMScore: 0

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the malicious user to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap netweaver process integration 7.50

Improper access control in SAP NetWeaver Process Integration

CVE-2022-41272 On this repository, we will briefly write information about the CVE-2022-41272 vulnerability The vulnerability exists on the SAP P4 service that runs on the 5NN04 port Where NN is an instance number, that can be from 00-99 There are remote call functions that an attacker can call without any authentication In the following image, you can see the patch release

CWE-862 https://launchpad.support.sap.com/#/notes/3273480 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html https://nvd.nist.gov https://github.com/redrays-io/CVE-2022-41272

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-41272

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect