CVE-2022-41214 HIGH

CVE-2022-41214

Vendor Sap Se

Product SAP NetWeaver Application Server ABAP and ABAP Platform

Weakness CWE-20 · Input validation

Published November 8, 2022

Last update May 1, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application.

Key dates

02Disclosure timeline

November 8, 2022 CVE published

May 1, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-41214

Related vulnerabilities

Identifiers

CVE CVE-2022-41214

CWE CWE-20

CVSS 8.7 / HIGH

Affected versions

Vendor Sap Se

Product SAP NetWeaver Application Server ABAP and ABAP Platform

Affected = 700

Vendor Sap Se

Product SAP NetWeaver Application Server ABAP and ABAP Platform

Affected = 731

Vendor Sap Se

Product SAP NetWeaver Application Server ABAP and ABAP Platform

Affected = 804

Vendor Sap Se

Product SAP NetWeaver Application Server ABAP and ABAP Platform

Affected = 740

Vendor Sap Se

Product SAP NetWeaver Application Server ABAP and ABAP Platform

Affected = 750

Vendor Sap Se

Product SAP NetWeaver Application Server ABAP and ABAP Platform

Affected = 789

CVE-2022-41214

01Description

02Disclosure timeline

03References

04Related CVE