CVE-2022-22530
HIGHSAP S/4HANA - F0743 Create Single Payment - Code Injection
Title source: llmDescription
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.
References (2)
Core 2
Core References
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/3112928
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035
Scores
CVSS v3
8.1
EPSS
0.0049
EPSS Percentile
65.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Details
Status
published
Products (7)
sap/s\/4hana
100
sap/s\/4hana
101
sap/s\/4hana
102
sap/s\/4hana
103
sap/s\/4hana
104
sap/s\/4hana
105
sap/s\/4hana
106
Published
Jan 14, 2022
Tracked Since
Feb 18, 2026