Insufficient Input Validation in SAP Employee Self Service Allows Unauthorized Access to Personal Information

Insufficient Input Validation in SAP Employee Self Service Allows Unauthorized Access to Personal Information

CVE-2022-29613 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.

Learn more about our User Device Pen Test.