Rewterz Threat Advisory – CVE-2022-41266 – SAP Commerce Webservices Vulnerability
December 15, 2022Rewterz Threat Alert – BumbleBee Malware – Active IOCs
December 15, 2022Rewterz Threat Advisory – CVE-2022-41266 – SAP Commerce Webservices Vulnerability
December 15, 2022Rewterz Threat Alert – BumbleBee Malware – Active IOCs
December 15, 2022Severity
Medium
Analysis Summary
CVE-2022-41274
SAP Disclosure Management could allow a remote attacker to obtain sensitive information, caused by improper authorization validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain financial reports information, and use this information to launch further attacks against the affected system.
Impact
Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-41274
Affected Vendors
SAP
Affected Products
- SAP Disclosure Management 10.1
Remediation
Current SAP customers should refer to SAP for patch information, available from the SAP Website (login required).