Unauthorized Access to Payroll Data in SAP ERP HCM Portugal

Unauthorized Access to Payroll Data in SAP ERP HCM Portugal

CVE-2022-22535 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.

Learn more about our Web Application Penetration Testing UK.