Unrated severityNVD Advisory· Published May 11, 2022· Updated Aug 3, 2024
CVE-2022-29613
CVE-2022-29613
Description
Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.
Affected products
2- SAP SE/SAP Employee Self Service (Fiori My Leave Request)v5Range: 605
Patches
Vulnerability mechanics
References
2- launchpad.support.sap.commitrex_refsource_MISC
- www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.