CVE-2022-22535

CVE-2022-22535

Vendor Sap Se
Product SAP ERP HCM (Portugal)
Weakness CWE-862 · Missing authorization
Published February 9, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.

Key dates

02Disclosure timeline

February 9, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE