ID

VAR-202212-1493


CVE

CVE-2022-41271


TITLE

Vulnerability regarding lack of authentication in SAP NetWeaver Process Integration

Trust: 0.8

sources: JVNDB: JVNDB-2022-023247

DESCRIPTION

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to:

* Read any information
* Modify sensitive information
* Denial of Service attacks (DoS)
* SQL Injection

SAP NetWeaver Process Integration contains a vulnerability related to lack of authentication. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2022-41271 // JVNDB: JVNDB-2022-023247

AFFECTED PRODUCTS

vendor: sap, model: netweaver process integration, scope: eq, version: 7.50

Trust: 1.8

vendor: sap, model: netweaver process integration, scope: -, version: -

Trust: 0.8

vendor: sap, model: netweaver process integration, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023247 // NVD: CVE-2022-41271

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-41271
value: CRITICAL

Trust: 1.0

cna@sap.com: CVE-2022-41271
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-41271
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202212-2959
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-41271
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.5
version: 3.1

Trust: 2.0

NVD: CVE-2022-41271
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023247 // CNNVD: CNNVD-202212-2959 // NVD: CVE-2022-41271 // NVD: CVE-2022-41271

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.0

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-89

Trust: 1.0

problemtype:Lack of authentication (CWE-862) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023247 // NVD: CVE-2022-41271

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2959

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2959

PATCH

title: SAP NetWeaver Process Integration Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=217790

Trust: 0.6

sources: CNNVD: CNNVD-202212-2959

EXTERNAL IDS

db: NVD, id: CVE-2022-41271

Trust: 3.2

db: JVNDB, id: JVNDB-2022-023247

Trust: 0.8

db: CNNVD, id: CNNVD-202212-2959

Trust: 0.6

sources: JVNDB: JVNDB-2022-023247 // CNNVD: CNNVD-202212-2959 // NVD: CVE-2022-41271

REFERENCES

url:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Trust: 2.4

url:https://launchpad.support.sap.com/#/notes/3267780

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-41271

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-41271/

Trust: 0.6

url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-de-decembre-2021-40078

Trust: 0.6

sources: JVNDB: JVNDB-2022-023247 // CNNVD: CNNVD-202212-2959 // NVD: CVE-2022-41271

SOURCES

db: JVNDB, id: JVNDB-2022-023247
db: CNNVD, id: CNNVD-202212-2959
db: NVD, id: CVE-2022-41271

LAST UPDATE DATE

2024-08-14T15:11:09.979000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-023247, date: 2023-11-28T03:09:00
db: CNNVD, id: CNNVD-202212-2959, date: 2022-12-16T00:00:00
db: NVD, id: CVE-2022-41271, date: 2023-11-07T03:52:45.510

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-023247, date: 2023-11-28T00:00:00
db: CNNVD, id: CNNVD-202212-2959, date: 2022-12-13T00:00:00
db: NVD, id: CVE-2022-41271, date: 2022-12-13T03:15:09.743