CVE-2022-22542
MEDIUMSAP S/4HANA - Exposure of Sensitive Employee Business Partner Data via Supplier Factsheet and Enterprise Search
Title source: llmDescription
S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.
References (2)
Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3142092
Vendor Advisory x_refsource_misc
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Scores
CVSS v3
6.5
EPSS
0.0070
EPSS Percentile
72.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
sap/s\/4hana
104
sap/s\/4hana
105
sap/s\/4hana
106
Published
Feb 09, 2022
Tracked Since
Feb 18, 2026