ID

VAR-202202-0560


CVE

CVE-2022-22540


TITLE

SAP NetWeaver AS SQL Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-13358 // CNNVD: CNNVD-202202-558

DESCRIPTION

SAP NetWeaver AS ABAP (Workplace Server), versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 and 787, allows an attacker to execute crafted database queries that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but there is no risk of modification. SAP NetWeaver AS ABAP contains an SQL injection vulnerability. Information may be obtained. SAP NetWeaver AS is a network application server from the German company SAP. It provides network services and also serves as the base platform for SAP software. A SQL injection vulnerability exists in SAP NetWeaver AS, which can be exploited by attackers to compromise vulnerable systems, including Business Objects, SAP CRM Web Channel, SAP CRM, SAP ERP, NetWeaver, ASE.

Trust: 2.25

sources: NVD: CVE-2022-22540 // JVNDB: JVNDB-2022-005414 // CNVD: CNVD-2022-13358 // VULMON: CVE-2022-22540

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-13358

AFFECTED PRODUCTS

vendor:sapmodel:netweaver application server abapscope:eqversion:787

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope:eqversion:755

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope:eqversion:752

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope:eqversion:754

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope:eqversion:740

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope:eqversion:751

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope:eqversion:701

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope:eqversion:753

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope:eqversion:731

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope:eqversion:750

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope:eqversion:756

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope:eqversion:700

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope:eqversion:702

Trust: 1.0

vendor:sapmodel:netweaver application server abapscope: - version: -

Trust: 0.8

vendor:sapmodel:netweaver application server abapscope:eqversion: -

Trust: 0.8

vendor:sapmodel:netweaver as abapscope:eqversion:702

Trust: 0.6

vendor:sapmodel:netweaver as abapscope:eqversion:731

Trust: 0.6

vendor:sapmodel:netweaver as abapscope:eqversion:740

Trust: 0.6

vendor:sapmodel:netweaver as abapscope:eqversion:750

Trust: 0.6

vendor:sapmodel:netweaver as abapscope:eqversion:751

Trust: 0.6

vendor:sapmodel:netweaver as abapscope:eqversion:700

Trust: 0.6

vendor:sapmodel:netweaver as abapscope:eqversion:701

Trust: 0.6

vendor:sapmodel:netweaver as abapscope:eqversion:752

Trust: 0.6

vendor:sapmodel:netweaver as abapscope:eqversion:753

Trust: 0.6

vendor:sapmodel:netweaver as abapscope:eqversion:754

Trust: 0.6

vendor:sapmodel:netweaver as abapscope:eqversion:755

Trust: 0.6

vendor:sapmodel:netweaver as abapscope:eqversion:756

Trust: 0.6

vendor:sapmodel:netweaver as abapscope:eqversion:787

Trust: 0.6

sources: CNVD: CNVD-2022-13358 // JVNDB: JVNDB-2022-005414 // NVD: CVE-2022-22540

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22540
value: HIGH

Trust: 1.0

NVD: CVE-2022-22540
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-13358
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202202-558
value: HIGH

Trust: 0.6

VULMON: CVE-2022-22540
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22540
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-13358
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-22540
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-22540
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-13358 // VULMON: CVE-2022-22540 // JVNDB: JVNDB-2022-005414 // CNNVD: CNNVD-202202-558 // NVD: CVE-2022-22540

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

problemtype:SQL injection (CWE-89) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005414 // NVD: CVE-2022-22540

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-558

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202202-558

PATCH

title:SAP Security Patch Day - May 2023url:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Trust: 0.8

title:Patch for SAP NetWeaver AS SQL Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/321361

Trust: 0.6

title:SAP NetWeaver AS SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=181719

Trust: 0.6

title: - url:https://github.com/Live-Hack-CVE/CVE-2022-22540

Trust: 0.1

sources: CNVD: CNVD-2022-13358 // VULMON: CVE-2022-22540 // JVNDB: JVNDB-2022-005414 // CNNVD: CNNVD-202202-558

EXTERNAL IDS

db:NVDid:CVE-2022-22540

Trust: 3.9

db:JVNDBid:JVNDB-2022-005414

Trust: 0.8

db:CNVDid:CNVD-2022-13358

Trust: 0.6

db:CNNVDid:CNNVD-202202-558

Trust: 0.6

db:VULMONid:CVE-2022-22540

Trust: 0.1

sources: CNVD: CNVD-2022-13358 // VULMON: CVE-2022-22540 // JVNDB: JVNDB-2022-005414 // CNNVD: CNNVD-202202-558 // NVD: CVE-2022-22540

REFERENCES

url:https://launchpad.support.sap.com/#/notes/3140587

Trust: 1.7

url:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-22540

Trust: 1.4

url:https://wiki.scn.sap.com/wiki/display/psr/sap+security+patch+day+-+february+2022

Trust: 0.6

url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-de-decembre-2021-37478

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2022-22540

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-13358 // VULMON: CVE-2022-22540 // JVNDB: JVNDB-2022-005414 // CNNVD: CNNVD-202202-558 // NVD: CVE-2022-22540

SOURCES

db:CNVDid:CNVD-2022-13358
db:VULMONid:CVE-2022-22540
db:JVNDBid:JVNDB-2022-005414
db:CNNVDid:CNNVD-202202-558
db:NVDid:CVE-2022-22540

LAST UPDATE DATE

2024-11-23T21:50:41.686000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-13358date:2022-02-23T00:00:00
db:VULMONid:CVE-2022-22540date:2022-10-05T00:00:00
db:JVNDBid:JVNDB-2022-005414date:2023-05-30T08:12:00
db:CNNVDid:CNNVD-202202-558date:2022-08-25T00:00:00
db:NVDid:CVE-2022-22540date:2024-11-21T06:46:59.310

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-13358date:2022-02-22T00:00:00
db:VULMONid:CVE-2022-22540date:2022-02-09T00:00:00
db:JVNDBid:JVNDB-2022-005414date:2023-05-30T00:00:00
db:CNNVDid:CNNVD-202202-558date:2022-02-08T00:00:00
db:NVDid:CVE-2022-22540date:2022-02-09T23:15:18.817