Rewterz Threat Advisory – CVE-2022-41259 – SAP SQL Anywhere Vulnerability
November 11, 2022
Rewterz Threat Advisory – CVE-2022-41203 – SAP BusinessObjects BI Platform Vulnerability
November 11, 2022
Severity
Medium
Analysis Summary
CVE-2022-41212 CVSS:4.9
SAP NetWeaver Application Server ABAP and ABAP Platform could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
CVE-2022-41215 CVSS:4.7
SAP NetWeaver ABAP Server and ABAP Platform could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability by using a specially crafted URL to redirect a victim to arbitrary websites.
Impact
- Information Theft
Indicators Of Compromise
CVE
- CVE-2022-41212
- CVE-2022-41215
Affected Vendors
SAP
Affected Products
- SAP NetWeaver AS ABAP 700
- SAP NetWeaver AS ABAP 731
- SAP NetWeaver AS ABAP 740
- SAP NetWeaver AS ABAP 750
Remediation
Current SAP customers should refer to the SAP Security Advisory for patch information, available from the SAP website (login required).
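A log check for the two request patterns described in the Analysis Summary, added here as an example and not part of the original advisory or any SAP code: it flags "dot dot" segments in the request path (including double-encoded ones) and query parameters whose value points to a host outside an allow list. The Common Log Format input, the paths, the parameter names and the host names are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit
# Constructed sample lines in Common Log Format (assumption: not real SAP logs).
SAMPLE_LOG = """\
10.0.0.5 - alice [11/Nov/2022:10:00:01 +0000] "GET /app/docs/readme.txt HTTP/1.1" 200 512
10.0.0.9 - bob [11/Nov/2022:10:00:07 +0000] "GET /app/docs/..%252f..%252fetc/passwd HTTP/1.1" 200 1301
10.0.0.7 - - [11/Nov/2022:10:01:12 +0000] "GET /app/login?next=%2F%2Fexample.net%2Fsignin HTTP/1.1" 302 0
10.0.0.7 - - [11/Nov/2022:10:01:30 +0000] "GET /app/login?next=/app/home HTTP/1.1" 302 0
10.0.0.8 - - [11/Nov/2022:10:02:02 +0000] "GET /app/go?url=https://portal.example.com/start HTTP/1.1" 302 0
"""
TRUSTED_HOSTS = {"portal.example.com"}  # assumption: the server's own host names
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252f) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(path):
    """True if any path segment is '..' after decoding and slash normalisation."""
    return ".." in fully_decode(path).replace("\\", "/").split("/")

def external_redirects(query):
    """Return (param, host) for parameter values that name an untrusted host."""
    hits = []
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(raw).strip().replace("\\", "/")
        host = urlsplit(value).hostname  # set for 'https://h/..' and '//h/..'
        if host and host.lower() not in TRUSTED_HOSTS:
            hits.append((name, host.lower()))
    return hits

def scan(log_text):
    """Return (line_number, finding, detail) for each suspicious request."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if has_traversal(target.path):
            findings.append((number, "traversal", fully_decode(target.path)))
        for name, host in external_redirects(target.query):
            findings.append((number, "open-redirect", f"{name} -> {host}"))
    return findings
```

Calling `scan(SAMPLE_LOG)` returns one traversal finding for line 2 and one open-redirect finding for line 3; the same-site and allow-listed redirects on lines 4 and 5 are not flagged.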