Confidential Information Disclosure in S/4HANA Supplier Factsheet and Enterprise Search

Confidential Information Disclosure in S/4HANA Supplier Factsheet and Enterprise Search

CVE-2022-22542 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.

Learn more about our Web Application Penetration Testing UK.