Unrated severity · NVD Advisory · Published Jul 27, 2022 · Updated Aug 3, 2024
Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application (Android & iOS)
CVE-2022-35291
Description
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successful exploitation, the attacker can read/write attachments, thus compromising the confidentiality and integrity of the application.
Affected products
- SAP SuccessFactors/SAP SuccessFactors Mobile Application for Android & iOS devices · v5 · Range: unspecified
References
- launchpad.support.sap.com (mitre, x_refsource_MISC)
- www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (mitre, x_refsource_MISC)