CVE-2022-22531

HIGH

SAP S/4HANA 100-106 - Authenticated Arbitrary File Upload and Script Execution in F0743 Create Single Payment

Title source: llm

Description

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.

References (2)

Core 2

Core References

Permissions Required x_refsource_misc

https://launchpad.support.sap.com/#/notes/3112928

Vendor Advisory x_refsource_misc

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035

Scores

CVSS v3 8.1

EPSS 0.0037

EPSS Percentile 59.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

Status published

Products (7)

sap/s\/4hana 100

sap/s\/4hana 101

sap/s\/4hana 102

sap/s\/4hana 103

sap/s\/4hana 104

sap/s\/4hana 105

sap/s\/4hana 106

Published Jan 14, 2022

Tracked Since Feb 18, 2026