CVE-2022-28771
HIGH 7.5
Description
Due to a missing authentication check, SAP Business One License service API version 10.0 allows an unauthenticated attacker to send malicious HTTP requests over the network. On successful exploitation, an attacker can break the whole application, making it inaccessible.
CVE details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 7/12/2022
Last modified: 2/25/2026
Source: nvd
Honeypot sightings: 0
Affected products
sap:business_one_license_service_api
Weaknesses (CWE)
CWE-306
References
https://launchpad.support.sap.com/#/notes/3157613 (cna@sap.com)
https://launchpad.support.sap.com/#/notes/3157613 (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.